Re: Bug#540215: Introduce dh_checksums

Wouter Verhelst <wouter@debian.org> writes:

> On Wed, Mar 17, 2010 at 04:12:46PM -0700, Russ Allbery wrote:
>> Wouter Verhelst <wouter@debian.org> writes:
>> > This is not true.
>> > wouter@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
>> > 28969
>> > These are only the *active* changes files, though:
>> > wouter@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
>> > 898
>> > ... since no .changes file is ever thrown away:
>> > wouter@merkel:/org/ftp.debian.org/queue/done$ du -sh .
>> > 7.1G
>> > They may not be visible on the mirrors, but they are there.
>> Ah, thank you.  I didn't realize that we kept them at all.
>> Note, though, that if the concern is a cryptographically strong audit
>> trail, we could still retain a link from the original *.changes file to
>> the final package with a second (possibly signed) document archived with
>> the *.changes file listing the original and final checksums of the
>> now-signed packages.
> True.


The changes files are signed by a human and therefore have a strong trust
level. The "was XYZ is now UVW" file would have to be automatically
signed and much less trustworthy. Especially if you suspect someone
broke into ftp-master and modified some debs. They would just recreate
and re-sign the "was XYZ is now UVW" file with the automatic archive key.


