[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
<jeroen@wolffelaar.nl> wrote:
>On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
>> As I'm responsible for most of dpkg-sig's code (and planned to do some
>> more work in the next two months) I'd like to know if anyone cares about
>> using these binary signatures or if I can invest my time into something
>> that's a bit more satisfying (== non-Debian stuff). As the ftp-masters
>> and the dpkg maintainers seem to have no interest in the whole thing,
>> I'm beginning to doubt that it's sensible to work on dpkg-sig.
>Just to provide some statistics about dpkg-sig usage, as I got curious
>about it too:
>In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
>are 8 distinct keys used for those 525 .deb's, seven of which correspond
>to DD's[1].

So, most of the DD's do not care about security at all. Why does
Debian have a reputation of being so secure?

Otoh, what does the project gain by making 0.19 % of our debs in the
archive less secure than they are now? Are we that damager driven that
we deliberately reduce our security just to gain an uniform level?


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: