[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Wed, 23 Nov 2005 12:58:12 -0500, Erinn Clark
<erinn@double-helix.org> wrote:
>* Marc Haber <mh+debian-devel@zugschlus.de> [2005:11:23 18:40 +0100]: 
>> On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
>> >Just to provide some statistics about dpkg-sig usage, as I got curious
>> >about it too:
>> >
>> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
>> >are 8 distinct keys used for those 525 .deb's, seven of which correspond
>> >to DD's[1].
>> So, most of the DD's do not care about security at all. Why does
>> Debian have a reputation of being so secure?
>Yet just today you filed a bug (#340403) for documentation to be
>included in the package since you were unable to explain dpkg-sig's

The requested documentation is available online, and I have had the
opportunity to talk to dpkg-sig's authors and independent security
people about its advantages.

> How is it possible for you to claim something is more secure
>when you don't understand it well enough to say how it's different?

Well, even if I know naught about it, it looks to me that having
something signed is better than having the same something not signed.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: