Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign

To: Ben Hutchings <ben@decadent.org.uk>
Cc: Helen Koike <helen.koike@collabora.co.uk>, Helen Koike <helen.koike@collabora.com>, Julien Cristau <jcristau@debian.org>, Jakub Wilk <jwilk@debian.org>, 821051@bugs.debian.org, debian-admin@lists.debian.org, Steve McIntyre <steve@einval.com>, debian-dak@lists.debian.org
Subject: Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
From: Joerg Jaspert <joerg@debian.org>
Date: Mon, 12 Dec 2016 22:24:37 +0100
Message-id: <[🔎] 87bmwgyh62.fsf@delenn.ganneff.de>
Mail-followup-to: Ben Hutchings <ben@decadent.org.uk>, Helen Koike <helen.koike@collabora.co.uk>, Helen Koike <helen.koike@collabora.com>, Julien Cristau <jcristau@debian.org>, Jakub Wilk <jwilk@debian.org>, 821051@bugs.debian.org, debian-admin@lists.debian.org, Steve McIntyre <steve@einval.com>, debian-dak@lists.debian.org
In-reply-to: <[🔎] 1481577100.2742.30.camel@decadent.org.uk> (Ben Hutchings's message of "Mon, 12 Dec 2016 21:11:40 +0000")
References: <1475789253-4597-1-git-send-email-helen.koike@collabora.com> <cover.1479261618.git.helen.koike@collabora.com> <c351cba2a6b2712b05fb5eecc32d44858b72e635.1479261618.git.helen.koike@collabora.com> <1479641248.16599.34.camel@decadent.org.uk> <2929db43-e876-55a1-21bb-4a9c53ce1535@collabora.co.uk> <1480437307.16599.65.camel@decadent.org.uk> <[🔎] 87a8c1yp8y.fsf@delenn.ganneff.de> <[🔎] 1481577100.2742.30.camel@decadent.org.uk>

On 14519 March 1977, Ben Hutchings wrote:
>> The first is acceptable, the latter is not, for hopefully obvious reasons.
> I meant the latter.  Your reason for objecting is not obvious to me.  I
> understand that this can't be done for the main archive and all its
> mirrors, which is fine - this is only important for emabrgoed security
> updates.

We offer the archives, including security, by rsync too.
And that should stay. Mirrors of security do exist, for good reasons.[1]

Why does it need to be in the archive?

[1] Yes, they are not recommended to users. And if you have access to
the net, don't use them. Use our infrastructure.
But there are enough places where direct net connections simply are not
available, and where a mirror is the only thing you can reach. Loads of
company networks, for example.

And so for all practical purposes there is no difference between main
and security archive in terms of access to files in their archive, or
trying to limit a directory using apache access rules.

-- 
bye, Joerg

Reply to:

Follow-Ups:
- Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
  - From: Ben Hutchings <ben@decadent.org.uk>

References:
- Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
  - From: Joerg Jaspert <joerg@debian.org>
- Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
Next by Date: Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
Previous by thread: Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
Next by thread: Re: [PATCH v3 3/3] dak.conf: add packages that trigger byhand-code-sign
Index(es):
- Date
- Thread