Re: dpkg-sig support wanted?

To: debian-devel@lists.debian.org
Subject: Re: dpkg-sig support wanted?
From: Thomas Bushnell BSG <tb@becket.net>
Date: Fri, 25 Nov 2005 12:49:11 -0800
Message-id: <[🔎] 878xvcqwqg.fsf@becket.becket.net>
In-reply-to: <[🔎] 20051125022052.GA19298@cyan.localnet> (Anthony Towns's message of "Fri, 25 Nov 2005 12:20:52 +1000")
References: <[🔎] 877jb0iswl.fsf@nahar.marcbrockschmidt.de> <[🔎] 87fypntzzo.fsf@mid.deneb.enyo.de> <[🔎] 20051123160817.GB13417@cyan.localnet> <[🔎] 20051123183705.GE29646@khazad-dum.debian.net> <[🔎] 20051124015433.GB15019@cyan.localnet> <[🔎] 20051124124338.GD17550@khazad-dum.debian.net> <[🔎] 20051125022052.GA19298@cyan.localnet>

Anthony Towns <aj@azure.humbug.org.au> writes:

> .deb signatures are aimed at giving users some sort of assurance the
> package is "valid"; but when you actually look into it -- at least in
> Debian's circumstances -- those signatures can't actually give any
> meaningful assurance for any specific validity.

Don't they give the user the assurance that a Debian developer was
responsible for building and providing the package?

Reply to:

Follow-Ups:
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>

References:
- dpkg-sig support wanted?
  - From: Marc 'HE' Brockschmidt <he@debian.org>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: Secret changes for binNMUs
Next by Date: Re: dpkg-sig support wanted?
Previous by thread: Re: dpkg-sig support wanted?
Next by thread: Re: dpkg-sig support wanted?
Index(es):
- Date
- Thread