[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages and signatures

Quoting Manoj Srivastava (srivasta@debian.org):
> >>"Nicolás" == Nicolás Lichtmaier <nick@debian.org> writes:
>  Nicolás>  Yes, it's very reasonable (but all signatures should be
>  Nicolás> from autobuilders, and no developer should be allowed to
>  Nicolás> upload binaries, but that's another flamewar I won't start
>  Nicolás> now =) ).
> 	You really think a signature by an automated process has any
>  security significance whatsoever? 

In the context of our discussions in Atlanta (CVS/make world et al.), 
it would have the advantage that the package would be build in an clean
common environment and not on one of 500 different machines with 500 
different configurations where nobody knows who broke in already.


Reply to: