
Re: Signing Packages.gz

On Sat, Apr 01, 2000 at 12:15:01PM +1000, Anthony Towns wrote:

(among many other minor typos)

> You can differentiated probably good but outdated old packages, and probably

This should read "can't differentiate". Whoops.

> bad but outdated old packages, no. On the upside, you can still verify that
> once upon a time they *were* trusted.

You also can't verify whether they're still trusted now or not, assuming
they're not from the current stable.

Also, upon a little reflection, I might add...

> Let me be somewhat linear for a moment. This is what I'm claiming:
> 	current-system < dinstall-key, signed-debs < dinstall-key & signed-debs

...that I'm more than happy to concede that, personally, for my circumstances,
I believe:

    current-system < dinstall-key < signed-debs < dinstall-key & signed-debs

If I had a choice between dinstall-key and signed-debs being implemented
tomorrow, by someone else, with no work by me, especially with the
proviso that only one of them would be done, ever, I'd choose signed-debs.

But that's not the choice I have. The choice I have is that I *can*
implement dinstall-keys, with probably a few days' work, so that both apt
and dinstall support it, most of which time would be spent working out
how apt and dinstall are meant to work. I'm far less confident of being
able to implement signed-debs; both because the dpkg code scares me,
and getting the semantics of verification right (accepting signatures
by any key from debian-keyring, but only keys from debian-keyring for
most packages, and only James' key for debian-keyring) and working out
how to update "James" in case he retires, scares me too.

And not only this, but I can implement the former in the knowledge that
it won't stop the latter from being done too.

But unfortunately that's not quite the choice I have either, since for
some reason that I can't fathom, people seem to think that a dinstall
key would be an abomination to man and God and I'd probably be summarily
kicked out of the project as soon as I tried sending a patch somewhere.
Or at least it'd never get applied.

So really, I have the choice between trying to convince people that giving
dinstall a key of its own isn't actually as horrendous as people think,
and that it's actually, to some extent, a Good Thing, or just learning
to live with it.

And thus this thread.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
