thus spoke Thomas Bushnell BSG <tb@becket.net> [2004.08.24.0312 +0200]:
> But how does this "false sense" cause a problem? For example, if
> users regularly scanned all the source code on their system, and
> this would cause them to stop doing so, then the false sense would
> be a problem!

I see that I am a little off with the false sense of security.
I just had many a user tell me that package signatures solve all
problems and ensure that no trojans can be distributed. And this is
a belief that I think needs to be addressed at the same time as
introducing package signatures.

> Please don't speak of "the issue". There are many issues,

True enough.

> and why I object to your "do nothing" proposal, as that it seems
> to me that you are saying we should solve any of these issues
> until we can solve them all. This attitude is facilitated by
> treating it as "the issue", which isn't solved (in your mind)
> unless it is solved in its entirety.

Also, true.

> Instead, think about it as many different issues. We can solve
> one of them, and thus make progress, without necessarily having
> solved every one.

I mainly wanted to bring the "issue" up for discussion.
Unfortunately, I am really unable these days to instantiate
countermeasures.

> The logical conclusion from your arguments is that we should
> actually remove the ssh package from Debian!

How so?

-- 
Please do not CC me when replying to lists; I read them!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!