Re: git & Debian packaging sprint report

To: debian-devel@lists.debian.org
Subject: Re: git & Debian packaging sprint report
From: Michael Kesper <mkesper@schokokeks.org>
Date: Tue, 16 Jul 2019 10:58:36 +0200
Message-id: <[🔎] 9112f2b0-8437-d310-3b66-489f7cb3d56c@schokokeks.org>
In-reply-to: <[🔎] 875zo32pv6.fsf@iris.silentflame.com>
References: <[🔎] 87bly2nwcf.fsf@iris.silentflame.com> <[🔎] 18ECEC09-EF0B-439E-A329-6739C3572A0C@kitterman.com> <[🔎] 877e8nbuu5.fsf@zephyr.silentflame.com> <[🔎] 1f574674-14e1-9d9b-6f7d-73c62f991ffc@schokokeks.org> <[🔎] 875zo32pv6.fsf@iris.silentflame.com>

Hi Sean,

On 15.07.19 19:02, Sean Whitton wrote:
> On Mon 15 Jul 2019 at 01:16PM +02, Michael Kesper wrote:
> 
>> Nonetheless it seems to me you are moving from trusting local signing
>> to trusting upload by salsa, thereby making salsa more attractive for
>> attackers.
> 
> I don't follow -- the git tag is PGP-signed, locally, by the uploader.
> Just like how they would PGP-sign, locally, the .dsc and .changes.

Ah ok, sorry, this wasn't clear to me.

Michael

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- git & Debian packaging sprint report
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: git & Debian packaging sprint report
  - From: Scott Kitterman <debian@kitterman.com>
- Re: git & Debian packaging sprint report
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: git & Debian packaging sprint report
  - From: Michael Kesper <mkesper@schokokeks.org>
- Re: git & Debian packaging sprint report
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Re: git & Debian packaging sprint report
Next by Date: default firewall utility changes for Debian 11 bullseye
Previous by thread: Re: git & Debian packaging sprint report
Next by thread: Re: git & Debian packaging sprint report
Index(es):
- Date
- Thread