Re: Revival of the signed debs discussion
On Wed, Dec 03, 2003 at 06:50:09AM +0100, Goswin von Brederlow wrote:
[TSP]
> If there is no person sitting there signing it manually its useless.
Why is that? I trust an automated service to provide me signed timestamps. In fact
a Box doing exactly this and nothing else can be very securely locked down. You can
even use multiple.
> In theory every build log is read. In praxis I believe all buildd
> admins scroll through the log and look for some obvious signs of
> errors before signing. I don't expect them to read a 17 MB logfile
> line by line for example.
Oh I did not know that buildds do make so much work. I am impressed about
the work wgich is put into the project. I would personally not handle this
by hand. And looking at the thoughput of some daemons I highly doubt there
is any review of packages before beeing uploaded.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: