Hi, On 22.06.2012 15:57, green wrote: > > For what it is worth, I was puzzled by the "announcement" because it seemed > to be on an "official" domain but did not seem to be announced through > "official" channels. So I agree with Raphael on this; it would be nice to > make that clear in announcements and on the http.debian.net page. Please > take that as a suggestion for making a good idea even better with regard to > Debian. Actually, Raphael sent it to debian-devel-announce which addresses, well, developers. They are supposed to know the difference. Having that said, this list is a established mean to broadcast debian.net services (as a random example [1]). Furthermore I fail to see why http.debian.net would be better or worse than cdn.debian.net or whatever else may exist in the debian.net name space. You do not seem to be worried about these names, however. So please, calm down and thank Raphael for a service which is certainly improving the situation. As he said, it just exists as a staging service on debian.net until the service is matured enough that DSA accepts it as an official(tm) Debian service. > I feel that I am forced, for the sake of security (even if misguided), to > always differentiate between "official" Debian and other services, hence the > concern about official versus not. You trust Raphael already by using his packages. At least there is no reason to trust him less than any other random Debian mirror provider. The good news is, you don't even need to. Neither has him nor any mirror provider authority over the Debian archive signing key and your apt checks that carefully when downloading archive meta data upon the installation of packages. [1] https://lists.debian.org/debian-devel-announce/2012/01/msg00000.html -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D
Attachment:
signature.asc
Description: OpenPGP digital signature