Re: Bug#93612: Support for new archive structure

[Philip Charles <philipc@copyleft.co.nz>]

I think that we are trying to turn apples into oranges.  The security of
CDs is relatively simple, that of a mirror more complex and they need to
be approached differently.

A mirror can have one corrupt or sabotaged file amongst 2-30000 and there
needs to be a way of detecting this.  The proposed scheme tackles this
problem and I am grateful. I have come across mirrors that I do not
trust. 

A CD (or iso image) is essentially one file and the integrity of this can
be verified by a single signed checksum.

However, there has to be a process which ensures a secure transfer from a
reliable archive to the CD image.  The process needs to be such that the
end user can understand how this was done and so have confidence in the
images checked by this process.  IMHO, we should be spending our energies
on developing this transfer process. 

Debian's responsibility has to end somewhere.  It cannot take
responsibility for my Hurd CDs for example, and I would suggest that it
only extends to Official CDs.  The parallel here is some of the rather
awful in-house Debian archives, Debian cannot take responsibility for
these.  A verification process may be available, but people may choose not
to use it. 

Phil.

-
  Philip Charles; 39a Paterson St., Dunedin, New Zealand; +64 3 4882818
Mobile 025 267 9420.  I sell GNU/Linux CDs.   See http://www.copyleft.co.nz
     philipc@copyleft.co.nz - preferred.           philipc@debian.org