
Re: New Maintainers



On Mon, Sep 22, 2003 at 07:56:06AM +0200, Florian Weimer wrote:

> On Sun, Sep 21, 2003 at 01:15:37PM -0400, Matt Zimmerman wrote:
> 
> > Can you elaborate on the reasons why you feel that Debian is not
> > suitable for the recipients of these recommendations?
> 
> If you install stable and activate convenient security updates via
> apt-get, you rely on the integrity of the network (and
> security.debian.org, but that's hard to avoid).  Things are even worse if
> you add sources.list lines for regular updates (or even unstable) because
> now, mirrors are used and you trust them.  As a result, there are a few
> machines which, when compromised, threaten the integrity of at least some
> of our Debian machines (not quite single points of ownership, but they
> come close).

A great deal of work has been done in this area.  See
http://bugs.debian.org/203741 for information.  It would be great if you
would like to help with this.

> Of course, there is always the signed DSA with the md5sums, but checking
> this data is rather inconvenient.

These documents are intentionally structured so that they are
straightforward to parse; the HTML advisories are already generated
semi-automatically.

> Default mailcap handling leaves something to be desired, too.

Can you be more specific?  Are there bugs filed?

-- 
 - mdz
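
The md5sum check discussed in this message, as an added example that is not part of the original e-mail and is not Debian's own tooling: it parses the checksum entries out of an advisory body and checks downloaded files against them. It assumes each entry is a package URL followed by a `Size/MD5 checksum: <size> <md5>` line, and that the OpenPGP signature on the advisory has already been verified separately; the function names, the sample pool path and the file contents are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Assumed layout: a package URL on one line, then "Size/MD5 checksum: <size> <md5>".
ENTRY_RE = re.compile(
    r"^\s*(?P<url>(?:https?|ftp)://\S+)\s*\n"
    r"\s*Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.MULTILINE,
)

def parse_checksums(advisory_text):
    """Return {basename: (size, md5hex)} from the (already verified) advisory body."""
    entries = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = m["url"].rsplit("/", 1)[-1]
        entry = (int(m["size"]), m["md5"])
        # The same basename listed with different checksums is ambiguous: refuse.
        if entries.setdefault(name, entry) != entry:
            raise ValueError(f"conflicting checksums for {name}")
    return entries

def verify_file(path, entries):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = entries.get(Path(path).name)
    if expected is None:
        return "unlisted"  # a file the advisory does not list is never "verified"
    data = Path(path).read_bytes()
    actual = (len(data), hashlib.md5(data).hexdigest())
    return "ok" if actual == expected else "mismatch"

def build_sample(files):
    """Constructed advisory fragment for {name: bytes}, in the assumed layout."""
    lines = ["  Source archives:", ""]
    for name, data in files.items():
        lines.append(f"    http://security.debian.org/pool/updates/main/e/example/{name}")
        lines.append(f"      Size/MD5 checksum: {len(data):8d} {hashlib.md5(data).hexdigest()}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    import tempfile
    files = {"example_1.0-1.dsc": b"constructed dsc\n", "example_1.0-1.diff.gz": b"constructed diff\n"}
    entries = parse_checksums(build_sample(files))
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            Path(d, name).write_bytes(data)
        Path(d, "example_1.0-1.dsc").write_bytes(b"tampered\n")  # simulate a bad mirror
        for name in files:
            print(name, verify_file(Path(d, name), entries))
```
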


