
Re: Challenge: Binary free uploading

On Sun, 2006-07-16 at 14:24 +0200, martin f krafft wrote:
> While it's easy to conceive such certificates, and easy to add such
> functionality to the checker programmes, it seems impossible to make
> it such that they cannot be faked.

I don't like the certificate idea for two reasons.

First, if you want to make sure that no packages with e.g. lintian
errors enter the archive, you can make a lot simpler system by just
running lintian server-side. There's no cheating possible, there's no
complex certificate infrastructure required.

But more importantly, I don't think that strictly requiring that a
package is lintian errors clean is a good idea anyway. Suppose that
there's a security bug in a package that I want to fix quickly. Lintian
yields an error that was already present in the previous package. I
can't upload just the security fix unless I fix that other error as well.

