Re: Compromising Debian Repositories


I need a reality check, as it's unclear to me what the goals of
this discussion are.

Does anyone involved plan to work on improving things, and then we're
discussing where it would be best to focus their energy? If that's the
case, then I suggest we try to design solutions with baby steps that
can realistically be implemented in the short term.

Or is the goal simply to assess the security of our current
infrastructure in various threat models? If that's the case, then how
about clearly writing these threat models so that we can then reason
on the same basis?

Or is the goal something entirely different that I missed?

