On Sun, 2006-07-16 at 14:24 +0200, martin f krafft wrote: > While it's easy to conceive such certificates, and easy to add such > functionality to the checker programmes, it seems impossible to make > it such that they cannot be faked. I don't like the certificate idea for two reasons. First, if you want to make sure that no packages with e.g. lintian errors enter the archive, you can make a lot simpler system by just running lintian server-side. There's no cheating possible, there's no complex certificate infrastructure required. But more importantly, I don't think that strictly requiring that a package is lintian errors clean is a good idea anyway. Suppose that there's a security bug in a package that I want to fix quickly. Lintian yields an error that was already present in the previous package. I can't upload just the security fix unless I fix that other error aswell. Thijs
Attachment:
signature.asc
Description: This is a digitally signed message part