Re: New Maintainers
On Mon, Sep 22, 2003 at 07:56:06AM +0200, Florian Weimer wrote:
> On Sun, Sep 21, 2003 at 01:15:37PM -0400, Matt Zimmerman wrote:
>
> > Can you elaborate on the reasons why you feel that Debian is not
> > suitable for the recipients of these recommendations?
>
> If you install stable and activate convenient security updates via
> apt-get, you rely on the integrity of the network (and
> security.debian.org, but that's hard to avoid). Things are even worse if
> you add sources.list lines for regular updates (or even unstable) because
> now, mirrors are used and you trust them. As a result, there are a few
> machines which, when compromised, threaten the integrity of at least some
> of our Debian machines (not quite single points of ownership, but they
> come close).
A great deal of work has been done in this area. See
http://bugs.debian.org/203741 for information. It would be great if you
would like to help with this.
> Of course, there is always the signed DSA with the md5sums, but checking
> this data is rather inconvenient.
These documents are intentionally structured so that they are
straightforward to parse; the HTML advisories are already generated
semi-automatically.
> Default mailcap handling leaves something to be desired, too.
Can you be more specific? Are there bugs filed?
--
- mdz
Reply to: