[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: building binary-only package with different name?

On Tue, 27 Feb 2001, Peter S Galbraith wrote:

> In fact, make _sure_ you don't allow access to a signed .changes
> file on an unofficial web page because that would allow anybody
> to upload it to Debian.  It's signed after all.

Are the Debian upload queues not all password-protected?  If they are, then
the only danger is that another developer would upload your packages to the
queue, and that's as much a hanging offense as if they uploaded trojan
packages of their own, so. :)

If they aren't all password-protected, then how can we cryptographically sign
packages which are not suitable for upload into Debian that we want to
distribute from our own sites?

Steve Langasek
postmodern programmer

Reply to: