
Re: RFC: Central version control for Debian

Andreas Schuldei <andreas@schuldei.org>:
> It is the question of what you get for it. Is the cost worth it?
> If we had a more secure distribution it would be good.

Using a centralized version control system for Debian packages wouldn't
guarantee improved security. On the contrary, it would seem to result in
a much more complicated way in which packages are updated. This doesn't
sound good to me.

> What we must ultimately do is not only secure our source but also
> educate upstream. If that does not work and upstream keeps
> putting out insecure software, we have two choices:
> * publish exploits and force upstream to adopt changes
> [- - -]

This is what bugtraq and other existing forums are for, yes?

Lars Wirzenius <liw@wapit.com>
Architect, Kannel WAP and SMS Gateway project, Wapit Ltd, http://www.kannel.org
