Re: Bug#540215: Introduce dh_checksums

Goswin von Brederlow <goswin-v-b@web.de> writes:

> The changes files are signed by a human and therefore have a strong trust
> level. The "was XYZ is now UVW" file would have to be automatically
> signed and much less trustworthy.

This objection makes no sense to me.  The archive key is *much* more
trusted in practice than the individual DD keys.  Haven't you been
advocating using the Packages file for this purpose, which is signed by
exactly the same key that would be doing this signature?

> Especially if you suspect someone broke into ftp-master and modified
> some debs.

Which they can do just as easily if you rely only on Packages.  Even more
easily, in fact.

The problems that you are citing here are problems that we already have;
that, in fact, are much worse now than they would be under that proposed
scheme.  (However, I will note that your *.changes idea does offer some
additional protection there over the scheme that I was considering.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
