Re: uploaded package handling

To: Bruce Perens <bruce@pixar.com>, Dale Scheetz <dwarf@polaris.net>
Cc: Syrus Nemat-Nasser <syrus@ucsd.edu>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: uploaded package handling
From: bruce@pixar.com (Bruce Perens)
Date: Tue, 9 Apr 96 08:12 PDT
Message-id: <[🔎] m0u6f5M-00063bC@mongo.pixar.com>

Me:
> Given the potential for trojan horse attacks, that's important.

From: Dale Scheetz <dwarf@polaris.net>
> This seems somewhat paranoid to me beside being redundant.

Please forgive me for being paranoid - it's a normal trait of the operating
system programmer.

> All transfers to master are now done via the maintainers login and password.

Note that these passwords are sent in the clear by the telnet program, and
anyone on a local net with a packet sniffer can pick them up.

> In principle I am opposed to such security measures in what is 
> substantially a public forum.

Note we are talking about identification, not encryption.

I think this is something we have to do to protect our users, ourselves,
and the CD manufacturers. If you don't understand the need for this, I
assert that it's because you haven't considered the possible scenarios,
and we should discuss them off the list.

	Thanks

	Bruce
--
Pixar Animation Studios: Reality is not our business.
Pixar's "Toy Story" $184.5M domestic, $66M overseas and counting.

Reply to:

Prev by Date: Bug#2623: unstable/libc-aout gethostbyaddr broken!
Next by Date: packages.
Previous by thread: Uploads to master (via chiark)
Next by thread: Re: uploaded package handling
Index(es):
- Date
- Thread