Re: Automatic Debian security updates, an Implementation
>IMHO there is no lack of interesting ideas - what we really need are
Ja. I just have to find the time. :)
>apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
>also improve security significantly. Together, I'd say they'd suffice to
>make the debian mirrors extremely tamper-proof.
>But apt-check-sigs is lacking nice integration into existing tools, and
>debsigs doesn't really work, because packages are not signed, which is
>IMHO caused by inappropriate helper tools at packaging time.
Hrm. I guess I'll have to check into those.
>So implementing these tools, and then changing policy to make package
>signatures mandatory, seems to be the most feasible approach.
Making package sigs mandatory is the critical bit, IMHO.
"Alt text doesn't pop up unless you use an ancient browser from the days of
yore. The relevant standards clearly indicate that it should not, and I
only know about one browser released in the last two years that violates
this, and it's still claiming compatibility with Mozilla 4 (which was
obsolete quite long ago), so it really can't be considered a modern
browser." --jonadab, in a slashdot.org comment.