
Re: apt 0.6 and how it does *not* solve the problem



also sprach Thomas Bushnell BSG <tb@becket.net> [2004.08.24.0312 +0200]:
> But how does this "false sense" cause a problem?  For example, if
> users regularly scanned all the source code on their system, and
> this would cause them to stop doing so, then the false sense would
> be a problem!  

I see that I am a little off with the false sense of security.
I just had many a user tell me that package signatures solve all
problems and ensure that no trojans can be distributed. And this is
a belief that I think needs to be addressed at the same time as
introducing package signatures.

> Please don't speak of "the issue".  There are many issues,

True enough.

> and why I object to your "do nothing" proposal, as that it seems
> to me that you are saying we should solve any of these issues
> until we can solve them all.  This attitude is facilitated by
> treating it as "the issue", which isn't solved (in your mind)
> unless it is solved in its entirety.

Also, true.

> Instead, think about it as many different issues.  We can solve
> one of them, and thus make progress, without necessarily having
> solved every one.

I mainly wanted to bring the "issue" up for discussion.
Unfortunately, I am really unable these days to instantiate
countermeasures.

> The logical conclusion from your arguments is that we should
> actually remove the ssh package from Debian!

How so?

-- 
Please do not CC me when replying to lists; I read them!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
