Re: RFC: Central version control for Debian
Andreas Schuldei <andreas@schuldei.org>:
> It is the question of what you get for it. Is the cost worth it?
>
> If we had a more secure distribution it would be good.
Using a centralized version control system for Debian packages wouldn't
guarantee improved security. On the contrary, it would seem to result in
a much more complicated way in which packages are updated. This doesn't
sound good to me.
> What we must ultimately do is not only secure our source but also
> educate upstream. If that does not work and upstream keeps
> putting out insecure software, we have two choices:
> * publish exploits and force upstream to adopt changes
> [- - -]
This is what bugtraq and other existing forums are for, yes?
--
Lars Wirzenius <liw@wapit.com>
Architect, Kannel WAP and SMS Gateway project, Wapit Ltd, http://www.kannel.org