Re: Packages and signatures
> > Again with different words: A key used by "dinstall" (or whatever its name
> > is now) will have the same degree of security/trust that packages that are
> > now built with it.
>
> No, it has a much larger impact. I'll leave it to you to figure out
> exactly why :)
The only way somebody could access the key is by compromising the machine,
and by doing so the attacker could leave a hacked dinstall that would do
whatever the attacker wants... Where is the flaw in my reasoning?
Reply to: