Re: dpkg-sig support wanted?
- To: debian-devel@lists.debian.org
- Subject: Re: dpkg-sig support wanted?
- From: Henning Makholm <henning@makholm.net>
- Date: Thu, 01 Dec 2005 14:10:11 +0100
- Message-id: <[🔎] 87y835dkuk.fsf@kreon.lan.henning.makholm.net>
- References: <87fypntzzo.fsf@mid.deneb.enyo.de> <20051123160817.GB13417@cyan.localnet> <20051123220920.GD5414@hezmatt.org> <20051124023037.GE15019@cyan.localnet> <20051124131345.GE17550@khazad-dum.debian.net> <20051125025707.GD19298@cyan.localnet> <87wtiwh7tv.fsf@mid.deneb.enyo.de> <20051125231302.GD21979@cyan.localnet> <20051125234624.GA13795@uio.no> <871x0zsisi.fsf@informatik.uni-tuebingen.de> <20051129133904.GA16409@seehuhn.vm.bytemark.co.uk> <87irubpm4p.fsf@mid.deneb.enyo.de> <87u0dvxyow.fsf@kreon.lan.henning.makholm.net> <87y8363xxx.fsf@mid.deneb.enyo.de>
Scripsit Florian Weimer <fw@deneb.enyo.de>
> This means that it's dangerous to commit yourself to the contents of a
> document, using a digital signature, unless you fully understand the
> meaning of each byte in the document.
So how do the MD5 sums of .debs end up in a Packages file signed with
the archive key? Do the ftpmasters go over each file with a
disassembler, fully understanding the meaning of each byte in the .deb?
>>> (Note the "rub.de" part of the URL. A clear warning sign.)
>> The nice thing about ad hominem arguments is that you can make them
>> without ever having to argue the merits of your case.
> *shrug* The computer security folks at that university started
> spreading FUD about various security systems, mainly rehashing the
> work of others. They seem to be in it mostly for the publicity.
More ad hominem arguing.
--
Henning Makholm "Jeg mener, at der eksisterer et hemmeligt
selskab med forgreninger i hele verden, som
arbejder i det skjulte for at udsprede det rygte at
der eksisterer en verdensomspændende sammensværgelse."
Reply to: