On Fri, 2003-02-21 at 22:03, Florian Weimer wrote:
> Brian May <bam@debian.org> writes:
>
> > On Sat, Feb 15, 2003 at 07:54:11PM +0100, Florian Weimer wrote:
> >> If such things happen, how can you trust the Debian Project to
> >> deliver uncompromised software?
> >
> > It was one isolated event.
>
> Yes, but more such events will follow. One of them will be the first
> big compromise. Currently, I can only recommend Debian privately
> because the baptism of fire is still to happen.
[...]
> Working package and release signature would be more important at this
> point, IMHO.
While I agree that a working package verification system is needed in
Debian (and has to some degree already been implemented with Release
file signing and md5sums), I don't see how this applies to this debate.
The mICQ issue would not have been avoided with a signed package at all.
cheers
-- vbi
--
Available for key signing in Zürich and Basel, Switzerland
(what's this? Look at http://fortytwo.ch/gpg/intro)