[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should package removal requests be signed?

Jérôme Marant wrote:
>   I was browsing ftp.debian.org bugs about package removal
>   requests and I noticed that most of them are unsigned.
>   Aren't there security issues? What prevents anyone to
>   use the email adress of any developers to ask for the
>   removal of packages?

Just like any other bug report that calls for code changes, I expect it
won't be done without good reason. That said, reportbug makes it easy to
pipe bug mail into mutt for editing and gpg signing, and the bts handles
MIME reports now, so there is little reason not to sign bugs these days.
(That said, I'm not going to drag out my package signing key to sign a
bug report, just this less trusted email signing key..)

see shy jo

Attachment: pgpievRyZanyz.pgp
Description: PGP signature

Reply to: