Re: Bits from the CD team: plans for debian-cd v3.0
On Tue, Jul 12, 2005 at 05:23:39PM +0300, Steve McIntyre wrote:
> 10. Signed Release files - we need a way to generate signed Release
> files on CDs, or to make apt happy with _all_ CDs (which is
> probably dangerous).
The problem we (Ubuntu) encountered after experience with signed CDs is
that a lot of people want to customise a CD image they've got, and
Release signatures make it really painful to do that; not to mention
developers trying to test small modifications to those same CD images.
I'm not really convinced that making apt happy with all CDs is actually
dangerous. Distributed CD images can be verified in other ways (does
jigdo-lite look for signed md5sums? I could imagine making it do so, if
it doesn't already), and people work around CD image signatures so much
that I've come to believe that they're worse than useless. Michael Vogt
is working on a modification to apt to make it trust all CDs.
Colin Watson [email@example.com]