Re: Packages and signatures

To: Manoj Srivastava <srivasta@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Packages and signatures
From: Michael Neuffer <neuffer@mail.uni-mainz.de>
Date: Thu, 1 Feb 2001 11:58:48 +0100
Message-id: <[🔎] 20010201115848.A5087@mail.uni-mainz.de>
In-reply-to: <[🔎] 87k87ayit6.fsf@glaurung.green-gryphon.com>; from srivasta@debian.org on Thu, Feb 01, 2001 at 01:16:21AM -0600
References: <20010127151936.A22490@taral.dhs.org> <20010127171349.M19317@alcor.net> <20010127231152.A830@debian.org> <20010127224509.Q19317@alcor.net> <20010128030306.A3706@debian.org> <20010128155213.X19317@alcor.net> <20010130230915.A8289@debian.org> <84g0i0l8ig.fsf@snoopy.apana.org.au> <20010131201212.B765@debian.org> <[🔎] 87k87ayit6.fsf@glaurung.green-gryphon.com>

Quoting Manoj Srivastava (srivasta@debian.org):
> >>"Nicolás" == Nicolás Lichtmaier <nick@debian.org> writes:
> 
>  Nicolás>  Yes, it's very reasonable (but all signatures should be
>  Nicolás> from autobuilders, and no developer should be allowed to
>  Nicolás> upload binaries, but that's another flamewar I won't start
>  Nicolás> now =) ).
> 
> 	You really think a signature by an automated process has any
>  security significance whatsoever? 

In the context of our discussions in Atlanta (CVS/make world et al.), 
it would have the advantage that the package would be build in an clean
common environment and not on one of 500 different machines with 500 
different configurations where nobody knows who broke in already.

Cheers
   Mike

Reply to:

Follow-Ups:
- Re: Packages and signatures
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Re: Packages and signatures
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: FHS compliance and UNIX sockets
Next by Date: Re: Problems with using debconf in init script...
Previous by thread: Re: Packages and signatures
Next by thread: Re: Packages and signatures
Index(es):
- Date
- Thread