Re: New Maintainers

To: debian-project@lists.debian.org
Subject: Re: New Maintainers
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 22 Sep 2003 07:56:06 +0200
Message-id: <[🔎] 20030922055606.GA12533@deneb.enyo.de>
In-reply-to: <[🔎] 20030921171537.GJ1360@alcor.net>
References: <[🔎] 20030921145320.GA22495@deprecation.cyrius.com> <[🔎] 20030921171537.GJ1360@alcor.net>

On Sun, Sep 21, 2003 at 01:15:37PM -0400, Matt Zimmerman wrote:

> Can you elaborate on the reasons why you feel that Debian is not suitable
> for the recipients of these recommendations?

If you install stable and activate convenient security updates via
apt-get, you rely on the integrity of the network (and
security.debian.org, but that's hard to avoid).  Things are even worse
if you add sources.list lines for regular updates (or even unstable)
because now, mirrors are used and you trust them.  As a result, there
are a few machines which, when compromised, threaten the integrity of at
least some of our Debian machines (not quite single points of
ownership, but they come close).

Of course, there is always the signed DSA with the md5sums, but checking
this data is rather inconvenient.

Default mailcap handling leaves something to be desired, too.

Reply to:

Follow-Ups:
- Re: New Maintainers
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: New Maintainers
  - From: Matt Zimmerman <mdz@debian.org>

References:
- New Maintainers
  - From: Martin Michlmayr <tbm@cyrius.com>
- Re: New Maintainers
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: New Maintainers
Next by Date: Re: New Maintainers
Previous by thread: Re: New Maintainers
Next by thread: Re: New Maintainers
Index(es):
- Date
- Thread