
Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)



Hi,

I am nearly sorry to lengthen this thread, but I stumbled upon an
assumption that I believe is fundamental and _not_ true:

The keyboard of Gopal Narayanan <gopal@rainbow.astro.umass.edu> wrote:

> I think some sort of traceability is good. As debian maintainers, we
> can upload packages. If I am malicious and crafty enough, I can put
> a trojan horse in my package that can cause a lot of financial
> damage to some company/institution. Debian can be held responsible
> for this act of vandalism.

Is that so?

/etc/motd:

  Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  permitted by applicable law.

Where exactly is it formulated that a package in Debian doing some
damage to a "customer" has to be prosecuted by Debian and the project
has to guarantee that the evildoer can be drawn and quartered?  If
that is the case then Debian will certainly set a precedent in the
Free Software Community.

Just for the record, I got my pgp-key signed by the *Certification
Agency* of my university without depositing copies of a passport or
even copies _signed_ with the key. That's the form of traceability
that I think reasonable.  Many people pointed out (by means of
counter-examples) that the copy of a passport deposited with the DAM
does not improve on this.  Simply stating the opposite without
arguments holding up to inspection does not provide any content to the
discussion.

And as a side note, I've heard that people were able to do stuff for
the GNU project without depositing urine samples, but then again the
GNU project is probably not as respectable as Debian.  

Ok, now go on and flame me :)

Cheers
  Detlev

-- 
When you  loosen yourself from  all the obvious delusions  - religion,
ideology,  Communism - you're  still left  with the  myth of  your own
goodness. Which is the final delusion.
                                          -- Philip Roth


