Re: Status of new packages in Incoming?
Raul Miller wrote:
> Which implies that we should validate packages against developer's key
> before install, and that we should have some kind of list indicating
> which developers are working on which package for which architecture
> which is maintained under tighter control than the mirrors.
> We probably don't want to forbid install if package is signed by the
> wrong key -- but we want to do everything we can to help the sysadmin
> examine the package under that circumstance.
As I have already posted, the situtation you are talking about is the status
quo. And as far as I know nobody has gotten a trojan package in to Incoming,
so I'm confused why you are try to fix what's not broken.
I hope we get signed packages RSN. We need them badly, for completly
However, I am firmly opposed to any system that makes it harder to do NMU's,
and what you're proposing seems to do that.
see shy jo