[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Future security problem (was Re: be careful with Replaces, please)



On Mon, 1 Dec 1997, Christian Schwarz wrote:

> The default keyring would probably be the developers keyring. The
> sysadmin could then add new keys of persons/organziations which he/she
> trusts to that keyring. 

> Comments?

Err... yes.

Am I the only one seeing a bit of a problem here? (Or am I missing
something I should know?) That is, PGP is non-US.  To be able to put PGP
in the main distribution, the master FTP site has to be moved off the US.
I don't have a problem with that, as I don't live in the US, but I
understand this can be quite an annoyance for many people.

Unless of course, the code that *checks* the PGP signatures can be put
into the main distribution, which I think is possible, since what funny US
laws forbid is the export of encryption technologies -- or something like
that -- and PGP signature *checking* doesn't fall into this category,
AFAIK.

As an aftertought... I realized this problem existed a few months ago when
I almost trashed a system I was trying to build a package on... basically,
I did something really stupid in a preinst script, and in fact, that's the
reason I'm using deb-make now. It protects me from myself ;-) (no, really,
I want to learn package building, and it's easier to figure out the
not-so-obvious-right-now problems this way) 


					Marcelo Magallón


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble?  e-mail to templin@bucknell.edu .


Reply to: