Re: .deb integrity check

To: debian-devel@lists.debian.org
Subject: Re: .deb integrity check
From: Brian May <bam@snoopy.apana.org.au>
Date: Sat, 12 Jun 1999 13:06:23 +1000
Message-id: <[🔎] 19990612130623.A10855@snoopy.apana.org.au>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: bam@snoopy.apana.org.au
In-reply-to: <[🔎] 19990610182337.A30502@snoopy.apana.org.au>
References: <[🔎] 19990609231759.A6735@kitenet.net> <[🔎] 19990610182337.A30502@snoopy.apana.org.au>

In article <[🔎] 19990610182337.A30502@snoopy.apana.org.au> you write:
>Comments:
>
>1. What happens in the case a package is signed by someone who is not
>the maintainer? Would this be allowed?

Let me rephrase that (I didn't make myself too clear):

1. What happens in the case a package is signed by someone who is not
the active maintainer for that package but who is a Debian maintainer?
Would this be allowed (eg non-maintainer-uploads)?

>2. Is it desirable to prevent the Packages file from being tampered with?

I think that this is important - eg somebody could tamper with this
file and damage Debian's name.

-- 
Brian May <bam@snoopy.apana.org.au>

Attachment: pgpRMv_V5HKw1.pgp
Description: PGP signature

Reply to:

References:
- Re: .deb integrity check
  - From: Joey Hess <joey@kitenet.net>
- Re: .deb integrity check
  - From: Brian May <bam@snoopy.apana.org.au>

Prev by Date: Re: Release-critical Bugreport for June 11, 1999
Next by Date: Re: .deb integrity check
Previous by thread: Re: .deb integrity check
Next by thread: Re: .deb integrity check
Index(es):
- Date
- Thread