Re: leaks in our only-signed-software fortress

To: <debian-devel@lists.debian.org>
Subject: Re: leaks in our only-signed-software fortress
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Sat, 18 Feb 2012 16:02:52 +0200
Message-id: <[🔎] c6728367706314e815f09031fceddeb1@scientia.net>
In-reply-to: <[🔎] 1329563640.2492.5.camel@deep-thought>
References: <[🔎] 0763775752c72b696283491568e04907@scientia.net> <[🔎] 201202181148.31883.thomas@koch.ro> <[🔎] 1329563640.2492.5.camel@deep-thought>

Am 18.02.2012 13:14, schrieb Benjamin Drung:

This is no problem for us, because the malware was distributed onsomeuntrustworthy websites. We, as packagers, get the code directly fromthe
Videolan project.

So you meet them once in person and exchanged some kind of PKI/sharedsecret etc?That's great then of course and the ideal case of securely getting thesources as a maintainer :-)

But I guess only a small fraction of our packages have such a securetrust path to their upstream.



Chris.

Reply to:

References:
- leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: leaks in our only-signed-software fortress
  - From: Thomas Koch <thomas@koch.ro>
- Re: leaks in our only-signed-software fortress
  - From: Benjamin Drung <bdrung@debian.org>

Prev by Date: Re: leaks in our only-signed-software fortress
Next by Date: Teams in changelog trailers
Previous by thread: Re: leaks in our only-signed-software fortress
Next by thread: Re: leaks in our only-signed-software fortress
Index(es):
- Date
- Thread