Re: Proposal for removal of mICQ package

[Florian Weimer <fw@deneb.enyo.de>]

Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> writes:

>> Working package and release signature would be more important at this
>> point, IMHO.  
>
> While I agree that a working package verification system is needed in
> Debian (and has to some degree already been implemented with Release
> file signing and md5sums), I don't see how this applies to this debate.
> the mICQ issue would not have been avoided with a signed package at all.

The mICQ maintainer wouldn't be listed in my trusted DD database, and
the package would have been uninstallable from day one.  Furthermore,
my systems wouldn't accept NMUs and the like from him.

(Yes, I know, it's terribly complicated to achieve this end-to-end
security in the Debian environment, but you can always dream. 8-)