[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

* Christoph Anton Mitterer <calestyo@scientia.net> [141030 05:10]:
> To be honest, it's really awkward to see how much all this is apparently
> fought against.

You have been told again and again that what you suggest would make the
whole thing less useable to the point that it reduces security for many

You have been told that your thread model is quite strange, in that
you assume that people will
- not only notice every MITM with too old a signature even though
  you suggest to change the system so that this will cause far more
  false positives,
- but will also investigate every short network or mirror problem so
  that the far easier MITM of making the security mirrors inaccessible
  (which your suggested 'improvement' does nothing against) is not
- but are not able to notice if there are no security updates applied.

What do you expect? That people on the list think it is a good idea to
do what in their eyes only lowers Debian's security just because someone
continues to claim the opposite?

Please take a step back and try to understand why people think this
will not help (It is not because they do not believe in evil
resourceful governments). This should make it easier to either have
arguments that persuage people or even better lead to solutions that
improve the situation more generally (I'm quite sure the are aspects
that can be improved, just that lowering Valid-Until times is

	Bernhard R. Link
F8AC 04D5 0B9B 064B 3383  C3DA AFFC 96D1 151D FFDC

Reply to: