[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kernel.org compromised

* Joerg Jaspert (joerg@debian.org) [110903 12:44]:
> 
> > Yeah, yeah.  We've beaten that horse to death, and our side lost.  I also
> > advocate that all debs should be signed, but that was not the will of the
> > ftp-masters the last time the issue was up for discussion.
> 
> Thats wrong.
> Since 03 Aug 2008 at least.
> 
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340306#33

This means that dpkg-sig needs to be completly re-written, even though
it was working quite well (before it was blocked by ftp-masters). Not
exactly what I would consider helpful, but well.

Anyways, I don't think discussing this topic more will gain us
anything. (And also the question of signing .deb-packages is completly
orthogonal from authentication of the downloaded packages files which
works, and which is necessary for protection from taken over hosts
like kernel.org this time).


Andi
Reply to: