Re: software outside Debian (Re: holes in secure apt)

On Wed, 2014-06-18 at 13:55 +0200, Jakub Wilk wrote: 
> Yes, maintaining packages properly takes time. If packaging new upstream 
> releases is too much effort, why bother uploading it to Debian in the 
> first place?
Actually, I think everything that tries to circumvent the package
management system should be considered harmful in the first place... on
one should probably not allow it in main at all... and all downloader
packages should have to go to contrib or non-free.

Question however is,... what about packages like Mozilla-stuff or
gnome-shell which more or less actively do just that via their plugin
Personally I'd like to see them deactivated by default... and plugins
being packaged (as many are). 

> There are a few mechanisms to mitigate downgrade attacks within the 
> archive:
> * Valid-Until fields in the Release files;
I still think the time spans are far too long here... can someone please
tell me against what I could report a bug (i.e. politely ask for
enhancement by making the time span much smaller)?
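To make the Valid-Until mechanism concrete, here is an added Python example (written for this page, not code from the thread or from apt itself) that parses the header of a Release file and reports both whether the file has expired and whether the archive's validity window is longer than a local policy allows, which is the check a client would want if it considers the archive's span too long. The Release contents below are constructed for the example, and `max_window_days` is a policy knob of this script, not an apt setting.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample of the header block of a Debian Release file. The field
# names follow the real format; the values are made up for this example and
# the hash line is an all-zero placeholder, not a real digest.
SAMPLE_RELEASE = """\
Origin: Debian
Label: Debian
Suite: stable
Codename: example
Date: Sat, 14 Jun 2014 09:32:56 UTC
Valid-Until: Sat, 21 Jun 2014 09:32:56 UTC
Architectures: amd64 i386
Components: main contrib non-free
Description: Example release, constructed for illustration
SHA256:
 0000000000000000000000000000000000000000000000000000000000000000 0 main/binary-amd64/Packages
"""

_FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")


def parse_release_fields(text):
    """Return the top-level 'Key: value' fields of a Release file as a dict.

    Indented lines (the per-file hash lists under MD5Sum/SHA256) are skipped;
    only the header fields are needed for the freshness check.
    """
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        m = _FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_release_date(value):
    """Parse an RFC 2822-style Release date ('Sat, 14 Jun 2014 09:32:56 UTC') to aware UTC."""
    dt = parsedate_to_datetime(value)
    if dt.tzinfo is None:  # defensive: treat a naive result as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def check_release_validity(text, now=None, max_window_days=1):
    """Evaluate the freshness guarantee a Release file actually gives a client.

    `now` may be a datetime or a Release-style date string (handy for tests);
    it defaults to the current UTC time. Returns a dict with:
      window           - Valid-Until minus Date (None if Valid-Until is absent)
      expired          - now is past Valid-Until
      window_too_long  - the archive's window exceeds the local max_window_days policy
      accept           - True only if the file is unexpired and within policy
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_release_date(now)
    max_window = timedelta(days=max_window_days)

    fields = parse_release_fields(text)
    date = parse_release_date(fields["Date"])  # Date is mandatory
    raw_until = fields.get("Valid-Until")
    if raw_until is None:
        # No expiry at all: a captured copy could be replayed indefinitely.
        return {"window": None, "expired": False, "window_too_long": True, "accept": False}

    valid_until = parse_release_date(raw_until)
    window = valid_until - date
    expired = now > valid_until
    too_long = window > max_window
    return {
        "window": window,
        "expired": expired,
        "window_too_long": too_long,
        "accept": not expired and not too_long,
    }


if __name__ == "__main__":
    # With the default one-day policy the constructed seven-day window is rejected.
    print(check_release_validity(SAMPLE_RELEASE, now="Sun, 15 Jun 2014 12:00:00 UTC"))
```

The local window policy plays the same role as apt's `Acquire::Max-ValidTime` option, which caps how long a client accepts a Release file after its Date regardless of the archive's Valid-Until; apt performs the expiry check itself, this script only makes the two numbers visible so a long archive span can be spotted and tightened locally.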