Jérôme Marant wrote: > I was browsing ftp.debian.org bugs about package removal > requests and I noticed that most of them are unsigned. > Aren't there security issues? What prevents anyone to > use the email adress of any developers to ask for the > removal of packages? Just like any other bug report that calls for code changes, I expect it won't be done without good reason. That said, reportbug makes it easy to pipe bug mail into mutt for editing and gpg signing, and the bts handles MIME reports now, so there is little reason not to sign bugs these days. (That said, I'm not going to drag out my package signing key to sign a bug report, just this less trusted email signing key..) -- see shy jo
Attachment:
pgpievRyZanyz.pgp
Description: PGP signature