Re: Q: Where is keyring packaging guideline?

To: Adrian Bunk <bunk@debian.org>, debian-devel@lists.debian.org
Subject: Re: Q: Where is keyring packaging guideline?
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Fri, 24 Aug 2018 16:40:07 -0700
Message-id: <[🔎] 87h8jjwcyw.fsf@iris.silentflame.com>
In-reply-to: <[🔎] 20180824205426.GJ3214@localhost>
References: <[🔎] CAJW8SQckL49vZCMLxf6MLUDKzfbkBgby3TPh031c39VqDvZisw@mail.gmail.com> <[🔎] 20180821102543.iix5s2j7pw3du6sl@sarek.noreply.org> <[🔎] 87h8jljl1a.fsf@hephaestus.silentflame.com> <[🔎] 20180824205426.GJ3214@localhost>

Hello,

On Fri 24 Aug 2018 at 11:54PM +0300, Adrian Bunk wrote:

> How will Debian provide and maintain such trust paths in stable?
>
> If we ship it in a stable release, it is Debian that provides some
> initial level of trust.
>
> So far Debian has completely failed on properly vetting and
> DSA-maintaining 3rd party keys in Debian releases.

Yes, these packages are much more useful in unstable and arguably
harmful in stable, unfortunately.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Q: Where is keyring packaging guideline?
  - From: Kentaro Hayashi <kenhys@gmail.com>
- Re: Q: Where is keyring packaging guideline?
  - From: Peter Palfrader <weasel@debian.org>
- Re: Q: Where is keyring packaging guideline?
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: Q: Where is keyring packaging guideline?
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Re: Q: Where is keyring packaging guideline?
Next by Date: Re: Research survey: Impact of Microsoft Acquisition of GitHub
Previous by thread: Re: Q: Where is keyring packaging guideline?
Next by thread: Re: Let's start salvaging packages! -- draft text now available
Index(es):
- Date
- Thread