Re: #Auto-Update: yes|no|minorversion for d/control?

To: Debian Med Project List <debian-med@lists.debian.org>
Subject: Re: #Auto-Update: yes|no|minorversion for d/control?
From: Andrius Merkys <andrius.merkys@gmail.com>
Date: Mon, 10 Jun 2019 06:40:42 +0300
Message-id: <[🔎] CAEZpsw3Zw8hJWNnJTW071_=oGVDVyCaqnHamhLMCb_tckgFS4A@mail.gmail.com>
In-reply-to: <[🔎] aede605a-eb2f-4975-21ac-3631e0414d62@gmx.de>
References: <[🔎] aede605a-eb2f-4975-21ac-3631e0414d62@gmx.de>

Hi Steffen,

On Sun, 9 Jun 2019, 23:46 Steffen Möller, <steffen_moeller@gmx.de> wrote:

Opinions?

This sounds tempting. Upstreams of quite a bunch of packages are well-behaved and could be trusted to produce non-breaking updates, at least for patch and minor versions. What worries me are license changes and security issues. While the former could be formally detected (licensecheck), the entry threshold for potential backdoors would be lowered by auto-updates (man-in-the-middle and the like). I'd trust only GPG-signed release tarballs.

Best,

Andrius

Reply to:

Follow-Ups:
- Re: #Auto-Update: yes|no|minorversion for d/control?
  - From: Andreas Tille <andreas@an3as.eu>

References:
- #Auto-Update: yes|no|minorversion for d/control?
  - From: Steffen Möller <steffen_moeller@gmx.de>

Prev by Date: #Auto-Update: yes|no|minorversion for d/control?
Next by Date: V
Previous by thread: #Auto-Update: yes|no|minorversion for d/control?
Next by thread: Re: #Auto-Update: yes|no|minorversion for d/control?
Index(es):
- Date
- Thread