Re: improving downloader packages (was: Re: holes in secure apt)

To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: debian-devel@lists.debian.org
Subject: Re: improving downloader packages (was: Re: holes in secure apt)
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Wed, 25 Jun 2014 08:33:27 -0500
Message-id: <[🔎] 20140625133327.GA64462@gwolf.org>
In-reply-to: <[🔎] 1403295847.4386.16.camel@heisenberg.scientia.net>
References: <[🔎] 1402527988.4739.34.camel@heisenberg.scientia.net> <[🔎] 1402584880.5066.29.camel@heisenberg.scientia.net> <[🔎] 1402587383.5066.63.camel@heisenberg.scientia.net> <[🔎] 201406121931.14779.thijs@debian.org> <[🔎] 1402941020.4787.73.camel@heisenberg.scientia.net> <[🔎] 20140616181439.GA809@jwilk.net> <[🔎] 1403058096.4774.29.camel@heisenberg.scientia.net> <[🔎] 20140620022551.GC42904@gwolf.org> <[🔎] 1403295847.4386.16.camel@heisenberg.scientia.net>

Christoph Anton Mitterer dijo [Fri, Jun 20, 2014 at 10:24:07PM +0200]:
> > I do feel the keyring-maint package is a leftover from days long
> > gone. Nowadays the keyring is kept at a DVCS tree, and regularly
> > exported to a publicly accessible instance.
> Any reason for that "internal" repo? I mean what speaks against the idea
> of expressing everything via signatures by some special keys (which was
> probably the core idea of my proposal)

We want the repo to show what is "truth" at a given point in time. If
we shared our working tree, there'd be space for confusion on keys we
have already changed but not yet pushed (we do so on a ~monthly
basis).

Also, every now and then we handle requests that need not to be made
public until they have been implemented. Of course, we try to
implement/push them as soon as possible, but it's better to keep them
separate in a "not yet live" place.

Reply to:

References:
- holes in secure apt
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: holes in secure apt
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: holes in secure apt
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- improving downloader packages (was: Re: holes in secure apt)
  - From: Thijs Kinkhorst <thijs@debian.org>
- Re: improving downloader packages (was: Re: holes in secure apt)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: improving downloader packages (was: Re: holes in secure apt)
  - From: Jakub Wilk <jwilk@debian.org>
- Re: improving downloader packages (was: Re: holes in secure apt)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: improving downloader packages (was: Re: holes in secure apt)
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: improving downloader packages (was: Re: holes in secure apt)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Bug#752589: scowl: Please mark packages as Multi-Arch: foreign
Next by Date: Re: improving downloader packages (was: Re: holes in secure apt)
Previous by thread: Re: improving downloader packages (was: Re: holes in secure apt)
Next by thread: sofftware outside Debian (Re: holes in secure apt)
Index(es):
- Date
- Thread