Re: Apt-get is insecure

To: debian-security@lists.debian.org
Subject: Re: Apt-get is insecure
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Mon, 17 Dec 2001 09:09:20 -0200
Message-id: <[🔎] 20011217090920.A2834@khazad-dum>
In-reply-to: <[🔎] 1008560059.4625.0.camel@whistler>; from red_one@othersdietrying.com on Seg, Dez 17, 2001 at 02:34:12 +1100
References: <[🔎] 1008560059.4625.0.camel@whistler>

On Mon, 17 Dec 2001, Simon Hill wrote:
> so assuming that dpkg (and/or apt?) can 
> deal with embedded gpg signiatures in .deb 
> files, how do we get maintainers to start 
> using them?

We deploy the required infrastructure to make good use of signatures in the
archive, test it, send email explaining how to sign packages to
debian-devel-announce, and then get da-katie to refuse non-signed debs.

It is better to wait for Wichert's python mass-signing script first.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Re: Apt-get is insecure
  - From: Simon Hill <red_one@othersdietrying.com>

Prev by Date: Re: Exim mail
Next by Date: Re: Spam?!?
Previous by thread: Re: Apt-get is insecure
Next by thread: Re: Apt-get is insecure
Index(es):
- Date
- Thread