[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Official Debian digital 'branding' of debs

>>"Wichert" == Wichert Akkerman <wichert@cs.leidenuniv.nl> writes:

 Wichert> Because just signing everything that is on ftp.debian.org
 Wichert> automatically will create a false sense of security, which
 Wichert> is even worse.
        I agree. Each package should be signed by the developer who
 created it (this is required anyway to get it uploaded). The validity
 of the key is ensured by its presence in an official Debian
 keyring. You know it is official since it is signed by the Master


 "Take that, you hostile sons-of-bitches!" James Coburn, in the finale
 of _The_President's_Analyst_
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: