Re: Experimental gaim_1.1.1-2 for Alpha

To: debian-devel@lists.debian.org
Subject: Re: Experimental gaim_1.1.1-2 for Alpha
From: Henning Makholm <henning@makholm.net>
Date: Thu, 06 Jan 2005 12:55:14 +0000
Message-id: <[🔎] 87pt0isonh.fsf@kreon.lan.henning.makholm.net>
In-reply-to: <[🔎] 20050106004718.GA5307@mauritius.dodds.net> (Steve Langasek's message of "Wed, 5 Jan 2005 16:47:19 -0800")
References: <[🔎] 1104933335.15265.5.camel@duke.gregfolkert.net> <[🔎] 1104935271.15265.16.camel@duke.gregfolkert.net> <[🔎] 20050105231200.GD5108@mauritius.dodds.net> <[🔎] 20050105231842.GA23769@deprecation.cyrius.com> <[🔎] 87brc3a15e.fsf@kreon.lan.henning.makholm.net> <[🔎] 20050106004718.GA5307@mauritius.dodds.net>

Scripsit Steve Langasek <vorlon@debian.org>
> On Wed, Jan 05, 2005 at 11:47:57PM +0000, Henning Makholm wrote:

>> Does it also apply to signing .dsc's?

> The archive scripts won't act on an uploaded .dsc without an accompanying
> .changes file, so this is not an issue.  Moreover, signing your .dsc
> provides a trust path to your source code

I think that is what I meant: If I sign a .dsc that is not intended to
be uploaded, is there a risk that this trust path ends up in the
archive because somebody else constructs a .changes to put them in?
The "somebody else" would have to be a DD, but the signature the
general public [1] would see in aptable source repositories would be
mine.

Or do the archive scripts check that the key that signed the .dsc is
the same that signed the .changes accompanying them?

[1] People with suffientent knowledge would know to look up the
    .changes in the PTS or the mailing list archives, but it is not
    generally distributed afaiu.

-- 
Henning Makholm          "Ambiguous cases are defined as those for which the
                       compiler being used finds a legitimate interpretation
                   which is different from that which the user had in mind."

Reply to:

Follow-Ups:
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Steve Langasek <vorlon@debian.org>

References:
- Experimental gaim_1.1.1-2 for Alpha
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Steve Langasek <vorlon@debian.org>
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Martin Michlmayr <tbm@cyrius.com>
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Henning Makholm <henning@makholm.net>
- Re: Experimental gaim_1.1.1-2 for Alpha
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Status of Kernel 2.4.28 packages?
Next by Date: Re: murphy is listed on spamcop
Previous by thread: Re: Experimental gaim_1.1.1-2 for Alpha
Next by thread: Re: Experimental gaim_1.1.1-2 for Alpha
Index(es):
- Date
- Thread