Re: dpkg-sig support wanted?

To: debian-devel@lists.debian.org
Subject: Re: dpkg-sig support wanted?
From: Marc Haber <mh+debian-devel@zugschlus.de>
Date: Fri, 25 Nov 2005 22:52:24 +0100
Message-id: <[🔎] E1EflUW-0002Dt-Iv@scyw00225.scy001.de>
In-reply-to: <[🔎] 874q60qwny.fsf@becket.becket.net>
References: <[🔎] 877jb0iswl.fsf@nahar.marcbrockschmidt.de> <[🔎] 87fypntzzo.fsf@mid.deneb.enyo.de> <[🔎] 20051123160817.GB13417@cyan.localnet> <[🔎] 20051123220920.GD5414@hezmatt.org> <[🔎] 20051124023037.GE15019@cyan.localnet> <[🔎] 20051124131345.GE17550@khazad-dum.debian.net> <[🔎] 20051125025707.GD19298@cyan.localnet> <[🔎] 4386EAB1.4090602@hogyros.de> <[🔎] 87k6ewzu1e.fsf@informatik.uni-tuebingen.de> <[🔎] 20051125152704.GA13942@hezmatt.org> <[🔎] 87irugyarp.fsf@informatik.uni-tuebingen.de> <[🔎] 874q60qwny.fsf@becket.becket.net>

On Fri, 25 Nov 2005 12:50:41 -0800, Thomas Bushnell BSG
<tb@becket.net> wrote:
>Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:
>> The archive signing key gives absolutely no integrity ensurance on the
>> deb package. The only thing it insures is that the file was not
>> altered _after_ leaving ftp.de.debian.org for the mirrors and/or
>> user. In no way does it prevent altering the deb on ftp-master.
>
>Isn't that a useful assurance?  Perhaps I trust the maintenance of
>ftp-master, but not the maintenance of Joe Random Mirror.

So the natural reaction would be having _both_ signatures so that the
individual user can choose whom to trust.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to:

References:
- dpkg-sig support wanted?
  - From: Marc 'HE' Brockschmidt <he@debian.org>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Simon Richter <Simon.Richter@hogyros.de>
- Re: dpkg-sig support wanted?
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: dpkg-sig support wanted?
  - From: Thomas Bushnell BSG <tb@becket.net>

Prev by Date: Re: Secret changes for binNMUs
Next by Date: Re: Remove
Previous by thread: Re: dpkg-sig support wanted?
Next by thread: Re: dpkg-sig support wanted?
Index(es):
- Date
- Thread