Re: Revival of the signed debs discussion

[Bernd Eckenfels <lists@lina.inka.de>]

On Wed, Dec 03, 2003 at 06:50:09AM +0100, Goswin von Brederlow wrote:
[TSP]
> If there is no person sitting there signing it manually its useless.

Why is that? I trust an automated service to provide me signed timestamps. In fact
a Box doing exactly this and nothing else can be very securely locked down. You can
even use multiple.

> In theory every build log is read. In praxis I believe all buildd
> admins scroll through the log and look for some obvious signs of
> errors before signing. I don't expect them to read a 17 MB logfile
> line by line for example.

Oh I did not know that buildds do make so much work. I am impressed about
the work wgich is put into the project. I would personally not handle this
by hand. And looking at the thoughput of some daemons I highly doubt there
is any review of packages before beeing uploaded.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!