Re: Future security problem (was Re: be careful with Replaces, please)
On Mon, 1 Dec 1997, Christian Schwarz wrote:
> The default keyring would probably be the developers keyring. The
> sysadmin could then add new keys of persons/organziations which he/she
> trusts to that keyring.
> Comments?
Err... yes.
Am I the only one seeing a bit of a problem here? (Or am I missing
something I should know?) That is, PGP is non-US. To be able to put PGP
in the main distribution, the master FTP site has to be moved off the US.
I don't have a problem with that, as I don't live in the US, but I
understand this can be quite an annoyance for many people.
Unless of course, the code that *checks* the PGP signatures can be put
into the main distribution, which I think is possible, since what funny US
laws forbid is the export of encryption technologies -- or something like
that -- and PGP signature *checking* doesn't fall into this category,
AFAIK.
As an aftertought... I realized this problem existed a few months ago when
I almost trashed a system I was trying to build a package on... basically,
I did something really stupid in a preinst script, and in fact, that's the
reason I'm using deb-make now. It protects me from myself ;-) (no, really,
I want to learn package building, and it's easier to figure out the
not-so-obvious-right-now problems this way)
Marcelo Magallón
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: