thus spoke Henrique de Moraes Holschuh <hmh@debian.org> [2005.08.27.1540 +0200]:
> > security.debian.org already is a Single Point of Ownership. I don't
> > think we need multiple ones, so this is definitely a post-etch thing.
>
> Irrelevant if secure apt is deployed correctly.
No. Imagine exim gets a root exploit and I spoof the DNS to some
mirror of s.d.o. That mirror will be consistent wrt secure APT, but
it won't get updates, so admins who don't follow DSAs and run
apt-get upgrade consciously and carefully are going to be left in
the naive belief that they are safe because s.d.o doesn't have any
new stuff.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
perl -e 'print "The earth is a disk!\n" if ( "a" == "b" );'
(dedicated to nori)
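
The frozen-mirror scenario in the message above, seen from the client side, as an added example that is not part of the original mail: a validly signed but stale index passes signature checks, so the client also has to bound the index's age. The sketch assumes the Release text has already been signature-verified, and that the archive publishes a Valid-Until field next to Date; the 10-day limit, the function names and the sample header are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Release header as a frozen mirror would keep serving it.
SAMPLE_RELEASE = """\
Origin: Debian
Label: Debian-Security
Suite: stable
Date: Sat, 27 Aug 2005 12:00:00 UTC
Valid-Until: Sat, 03 Sep 2005 12:00:00 UTC
Architectures: i386
MD5Sum:
 0123456789abcdef0123456789abcdef 1234 main/binary-i386/Packages
"""

def parse_release_header(text):
    """Return top-level 'Key: value' fields, skipping indented checksum lines."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def _parse_date(value):
    """Parse an RFC 2822 style date; treat a missing zone as UTC."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_freshness(text, now, max_age=timedelta(days=10)):
    """Return reasons to distrust a (signature-verified) index; empty means fresh."""
    fields = parse_release_header(text)
    if "Date" not in fields:
        return ["no Date field: age cannot be determined"]
    problems = []
    age = now - _parse_date(fields["Date"])
    if age > max_age:  # local policy, independent of what the archive claims
        problems.append(f"index is {age.days} days old (limit {max_age.days})")
    if "Valid-Until" not in fields:
        problems.append("no Valid-Until: the signature alone does not bound age")
    elif now > _parse_date(fields["Valid-Until"]):
        problems.append("Valid-Until has passed")
    return problems

if __name__ == "__main__":
    later = datetime(2005, 10, 1, 12, 0, tzinfo=timezone.utc)
    for reason in check_freshness(SAMPLE_RELEASE, later):
        print("STALE:", reason)
```
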