[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fingerprint of the archive signing key

also sprach Andrew Suffield <asuffield@debian.org> [2004.06.29.1357 +0200]:
> That's a completely arse-backwards approach to security. All that
> accomplishes is to make sure that the people who break your system
> know what they're doing. That just makes things worse. You're
> confusing security and cryptography.

So what's a better one? What is a better approach to security than
to make it progressively harder for attackers? Don't worry, this
already includes policy and threat models and all the like.

> There's no such thing as a trustworthy company.

You're funny.

> > Or should Debian just continue to be second-grade when it comes to
> > security.
> False dilemma.

No, valid point.

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: