
Re: dpkg-sig support wanted?



On Wed, 23 Nov 2005 12:58:12 -0500, Erinn Clark
<erinn@double-helix.org> wrote:
>* Marc Haber <mh+debian-devel@zugschlus.de> [2005:11:23 18:40 +0100]: 
>> On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
>> >Just to provide some statistics about dpkg-sig usage, as I got curious
>> >about it too:
>> >
>> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
>> >are 8 distinct keys used for those 525 .deb's, seven of which correspond
>> >to DD's[1].
>> 
>> So, most of the DD's do not care about security at all. Why does
>> Debian have a reputation of being so secure?
>
>Yet just today you filed a bug (#340403) for documentation to be
>included in the package since you were unable to explain dpkg-sig's
>strengths.

The requested documentation is available online, and I have had the
opportunity to talk to dpkg-sig's authors and independent security
people about its advantages.

> How is it possible for you to claim something is more secure
>when you don't understand it well enough to say how it's different?

Well, even if I know naught about it, it looks to me that having
something signed is better than having the same something not signed.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834


