
Re: dpkg-sig support wanted?



Brian May wrote:
> >>>>> "Thiemo" == Thiemo Seufer <ths@networkno.de> writes:
> 
>     >> Well, even if I know naught about it, it looks to me that having
>     >> something signed is better than having the same something not signed.
> 
>     Thiemo> Sorry, but that's a snake oil rationale.
> 
> A: Why do you lock your car up[1]?
> 
> B: Because it looks like having it locked is better than not having it
> locked.
> 
> A: Sorry, but that's a snake oil rationale. Anybody can pick the lock
> and break in. Anybody can smash a window and break in. etc.

Wrong, it makes break-ins harder. OTOH we don't put stickers with
"this car is locked" on our cars.

The quote above suggested a signed package is somehow better than an
unsigned one, even when no improvements can be shown. But the only
thing it reliably achieves in that case is to increase the exposure of
the signing key.


Thiemo


