[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

Scripsit Florian Weimer <fw@deneb.enyo.de>

> This means that it's dangerous to commit yourself to the contents of a
> document, using a digital signature, unless you fully understand the
> meaning of each byte in the document.

So how do the MD5 sums of .debs end up in a Packages file signed with
the archive key? Do the ftpmasters go over each file with a
disassembler, fully understanding the meaning of each byte in the .deb?

>>> (Note the "rub.de" part of the URL.  A clear warning sign.)

>> The nice thing about ad hominem arguments is that you can make them
>> without ever having to argue the merits of your case.

> *shrug* The computer security folks at that university started
> spreading FUD about various security systems, mainly rehashing the
> work of others.  They seem to be in it mostly for the publicity.

More ad hominem arguing.

Henning Makholm                   "Jeg mener, at der eksisterer et hemmeligt
                                 selskab med forgreninger i hele verden, som
                         arbejder i det skjulte for at udsprede det rygte at
                      der eksisterer en verdensomspændende sammensværgelse."

Reply to: