Re: Official Debian digital 'branding' of debs
> > No security measure is perfect, including RedHat's but that's no reason to not
> > implement it. Why not do it like RedHat rather than not doing it at all?
> Because just signing everything that is on ftp.debian.org automatically
> will create a false sense of security, which is even worse.
If someone hacked where the sec-ring would be stored, he would be able to
do anything to the distribution anyway. There's always a single point of
failure.
Reply to: