Re: Possibility of packaging JDK 1.3?

To: Carlos Laviola <claviola@ajato.com.br>
Cc: debian-devel@lists.debian.org
Subject: Re: Possibility of packaging JDK 1.3?
From: Alexander Hvostov <vulture@aoi.dyndns.org>
Date: Thu, 8 Mar 2001 21:23:55 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.21.0103082122400.4687-100000@cornerstone.core.aoi>
In-reply-to: <[🔎] XFMail.20010309014355.claviola@ajato.com.br>

On Fri, 9 Mar 2001, Carlos Laviola wrote:

> 
> On 09-Mar-2001 Alexander Hvostov wrote:
> > Bernd,
> > 
> > You're supposed to _trust_ the distributions you put in your
> > sources.list. If you don't, don't put them in there. Adding security
> > features of this sort to apt is probably not even remotely trivial...
> 
> AFAIK, Conectiva's own version of apt (w/rpm support) also features "repository
> signing", which apparently ensures that the repository you're using is indeed
> secure for use.

Even then, you trust your repository. Only this time, you trust your
repository because you trust whoever signed it, but this is really
applying a technological solution to a sociological problem, which doesn't
usually work very well.

Regards,

Alex.

Reply to:

References:
- Re: Possibility of packaging JDK 1.3?
  - From: Carlos Laviola <claviola@ajato.com.br>

Prev by Date: Re: Possibility of packaging JDK 1.3?
Next by Date: Re: unofficial mozilla 0.8 deb
Previous by thread: Re: Possibility of packaging JDK 1.3?
Next by thread: Re: Possibility of packaging JDK 1.3?
Index(es):
- Date
- Thread