
Re: Official Debian digital 'branding' of debs

> I think when the issue has come up in the past, it's been a problem
> with there being a single point of failure in the system (the "one,
> true, Debian key").  Just because nobody's hacked RH's system to get
> the key doesn't mean it won't happen...
> OTOH, I can see a pgp/gnupg signature made, at the time of upload, by
> developers; then you can decide which developers you trust (hopefully
> all of us, but it's more fine-grained from your POV).  I believe this
> was recently discussed here (or maybe on policy)...

No security measure is perfect, including RedHat's, but that's no reason to not
implement it. Why not do it like RedHat rather than not doing it at all?

Sarel Botha          |     Computer &           | +27 341 81341
(sjb@dundee.lia.net) |        Accounting        | BOX 2065, Dundee
                     |           Services       | 3000, South Africa
 "The End is near." -- http://www.geocities.com/Athens/Olympus/7771/666.htm
