Re: Anounce of a secure repo for debian

To: debian-devel@lists.debian.org
Subject: Re: Anounce of a secure repo for debian
From: Klaus Ethgen <Klaus@Ethgen.de>
Date: Mon, 31 May 2010 12:49:28 +0100
Message-id: <[🔎] 20100531114928.GE27642@ikki.ethgen.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20100531104910.fd490545.codehelp@debian.org>
References: <[🔎] 20100530181249.GA17971@ikki.ethgen.de> <[🔎] 20100531044257.GX3336@mykerinos.kheops.frmug.org> <[🔎] 20100531104910.fd490545.codehelp@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Am Mo den 31. Mai 2010 um 10:49 schrieb Neil Williams:
> At the very least, the public key should be available on the server
> itself and it should preferably be in an archive-keyring package in
> Debian.

Sure. And I plan to do so. But for the moment there is just that
packages I told about.

> gpgv: Signature made Sun 30 May 2010 19:01:45 BST using RSA key ID
> D1A4EDE5

Correct.

> > Where is that key available?
> 
> I assume it's this one:
> pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <(E-Mail Removed)>
> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B

See my signature, yes.

> and subkeys.pgp.net didn't report having that key.

Thats really strange. The key _is_ on this server so I do not know why
you didn't find it.

> I would question the safety / reliability of using a repository

Thats always the case with additional repositories. And since APT do not
show the source of a package in the default configuration makes this not
better.

> that forces the creation of Packages and Sources and Release files by
> hand instead of using a reliable, reproducible tool like reprepro.

Well, this method was grown since ages when reprepro was not available
and I hadn't the time to migrate a working method to a /nice/ working
method.

> The site even includes the Makefile that shows the hacks used to make
> the repository files.

There is no reason to hide that, so, yes.

Regards
   Klaus
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTAOiSJ+OKpjRpO3lAQpRJgf9Hb7adxPjd+JqtPWxMNzL1DWXvyxTV+Lq
iqGaQ50+LsVoJH6DJgdt/vxAc/J4vLujrhnBqsrjdKwcquV66kJx8reZDeIxawBl
0K0z01W19CYTlHCykE8j0QIJSahbhGAyw02k2cFr9ToXCbWUv337Ao2FmmE8UQO/
/T8SVqc7Xc3LkUT4PapiXDg8iN5qo8r5T6YFD4JQKu50bFPqQx8Azc3Ri7PxupU0
pTh00oWhg3zbrboYP/vn53KafZXvkayR3bPfyZZBIrGXSJ361GSaqWIdnCoGJu6D
Bq/z6Qn4shM+j/TPFBRS9eJr7SY5zuxzK1iCGs+gLeqdjaTO78NbQg==
=nJO2
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Anounce of a secure repo for debian
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

References:
- Anounce of a secure repo for debian
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Anounce of a secure repo for debian
  - From: Christian PERRIER <bubulle@debian.org>
- Re: Anounce of a secure repo for debian
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Re: test if primary group, with only implicit membership of the user?
Next by Date: Re: Archive area for clamz (Amazon MP3 downloader)
Previous by thread: Re: Anounce of a secure repo for debian
Next by thread: Re: Anounce of a secure repo for debian
Index(es):
- Date
- Thread