Bernd Eckenfels wrote:
Developers don't release all binary packages and users normally don't download source packages. So it is not that easy.
Yes, I did note that "there are many wrinkles to iron out". That's not the point I am trying to make. I don't think anyone would be foolish enough to think apt-secure provides "total security".
What I am suggesting is that it's really silly for Debian not to try to benefit from the potential added security that apt-secure could provide. Much of the needed infrastructure is already in place. Additionally, Debian's closely knit social network is ideally suited for a small-scale public-key solution.
Unfortunately my current situation does not allow me to sit down and actually work on the code. However, I would be glad to provide ideas and input to anyone doing so. I have some experience in the theory of public key trust networks, and would be glad to lend a hand.
Cheers,
Camillo
--
Camillo Särs <+ged+@iki.fi> ** Aim for the impossible and you
<http://www.iki.fi/+ged> ** will achieve the improbable.
PGP public key available **