Re: Bits from the DAMs

To: debian-project@lists.debian.org
Subject: Re: Bits from the DAMs
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 13 Feb 2005 22:36:53 +0100
Message-id: <[🔎] 87sm40w39m.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050212140233.GA3479@cirrus.madduck.net> (martin f. krafft's message of "Sat, 12 Feb 2005 15:02:33 +0100")
References: <871xbo5cwl.fsf@vorlon.ganneff.de> <[🔎] 87d5v6c6m9.fsf@marant.org> <[🔎] 20050212125213.GA1160@cirrus.madduck.net> <[🔎] 873bw1di4r.fsf@marant.org> <[🔎] 20050212140233.GA3479@cirrus.madduck.net>

* martin f. krafft:

> Every additional member with write access to the archive is an
> additional threat to the integrity of the archive in case of
> a developer gone bad or a compromised key;

If I wanted to hurt Debian users, I'd become a mirror admin.  The
damage potential is far higher, and there is some potential for hiding
the breach for quite some time.  Unauthorized package uploads are more
likely to be spotted.  Building backdoors into your own package is not
very effective because there are only few widely-installed packages.

Reply to:

References:
- Re: Bits from the DAMs
  - From: Jérôme Marant <jmarant@free.fr>
- Re: Bits from the DAMs
  - From: martin f krafft <madduck@debian.org>
- Re: Bits from the DAMs
  - From: Jérôme Marant <jmarant@free.fr>
- Re: Bits from the DAMs
  - From: martin f krafft <madduck@debian.org>

Prev by Date: I like Lars Wirzenius (was: Re: Bits from the DAMs)
Next by Date: Re: Bits from the DAMs
Previous by thread: Re: Bits from the DAMs
Next by thread: Re: Bits from the DAMs
Index(es):
- Date
- Thread