[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#93612: Support for new archive structure

On Thu, Apr 12, 2001 at 08:58:30AM +0200, Raphael Hertzog wrote:
> > (and was going to use the md5sums in it to ensure the Packages
> > file wasn't corrupt, too :-/)
> Duh. Couldn't we generate new Release files and sign them again ?
> Wouldn't you trust the debian-cd build ?

Not if I can avoid it. If we can avoid trusting the debian-cd build,
and still have the CD themselves be trustworthy, then that's a win. It
means we don't have to worry about the security of the machine doing
the builds, or worry who's building it, or anything similar.

Signing a different file on every CD means there are around around
30 different files to check the validity of and get people to sign;
assuming we want the CDs to be signed by the RM and the security team
(which seems sensible to me) then they have to assure themselves that
all those files are valid.

Further, people like debian-jr can't just use the same scripts with
appropriate tweaks and end up with a CD#1'ish subset of Debian that's
equally "secure" as the official CD#1.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
                      -- John S. Novak, III (The Humblest Man on the Net)

Reply to: