Re: The Debian Mentors Project
On Mon, May 12, 2003 at 05:41:40PM -0600, Jack Moffitt wrote:
> Ivo Marino wrote:
> > Of course we can't actually ensure that all uploaded packages on the
> > system are secure; for now we trust the testers of the system but in
> > future we'll introduce higher security standards.
> >
> > If someone can already point out an eventual solution for this problem
> > we'll be open to considering any suggestion in order to improve the system.
>
> Perhaps an easy thing to do would just be to show whether or not a
> package is signed by a key which is signed by a real Debian developer.
> I.e., use the web of trust. Then at least one can be reasonably sure that
> the maintainer is real.

Surely getting that signature is the whole point of the system in the
first place?

I'd be half-inclined to make the download password-protected; anyone can
get a valid password just by asking, but the expectation is that only
developers should be downloading the packages, and this discourages
people from shoving it into apt lines.
--
Colin Watson [cjwatson@flatline.org.uk]