Re: git & Debian packaging sprint report

To: Michael Kesper <mkesper@schokokeks.org>, debian-devel@lists.debian.org
Subject: Re: git & Debian packaging sprint report
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Mon, 15 Jul 2019 18:02:05 +0100
Message-id: <[🔎] 875zo32pv6.fsf@iris.silentflame.com>
In-reply-to: <[🔎] 1f574674-14e1-9d9b-6f7d-73c62f991ffc@schokokeks.org>
References: <[🔎] 87bly2nwcf.fsf@iris.silentflame.com> <[🔎] 18ECEC09-EF0B-439E-A329-6739C3572A0C@kitterman.com> <[🔎] 877e8nbuu5.fsf@zephyr.silentflame.com> <[🔎] 1f574674-14e1-9d9b-6f7d-73c62f991ffc@schokokeks.org>

Hello Michael,

On Mon 15 Jul 2019 at 01:16PM +02, Michael Kesper wrote:

> Nonetheless it seems to me you are moving from trusting local signing
> to trusting upload by salsa, thereby making salsa more attractive for
> attackers.

I don't follow -- the git tag is PGP-signed, locally, by the uploader.
Just like how they would PGP-sign, locally, the .dsc and .changes.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: git & Debian packaging sprint report
  - From: Michael Kesper <mkesper@schokokeks.org>

References:
- git & Debian packaging sprint report
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: git & Debian packaging sprint report
  - From: Scott Kitterman <debian@kitterman.com>
- Re: git & Debian packaging sprint report
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: git & Debian packaging sprint report
  - From: Michael Kesper <mkesper@schokokeks.org>

Prev by Date: Re: systemd services that are not equivalent to LSB init scripts
Next by Date: Re: git & Debian packaging sprint report
Previous by thread: Re: git & Debian packaging sprint report
Next by thread: Re: git & Debian packaging sprint report
Index(es):
- Date
- Thread