Re: Unofficial binary Debian packages considered insecure?

To: debian-user@lists.debian.org
Subject: Re: Unofficial binary Debian packages considered insecure?
From: Paul Johnson <baloo@ursine.ca>
Date: Fri, 28 May 2004 22:35:19 -0700
Message-id: <[🔎] 87d64nx0bs.fsf@ursine.ca>
In-reply-to: <[🔎] 871xl3sv0h.fsf@scabbers.bignachos.com> (Brian Nelson's message of "Sat, 29 May 2004 01:43:42 -0300")
References: <[🔎] 7w8yfcqq8i.fsf@i19.ruc.dk> <[🔎] 871xl3sv0h.fsf@scabbers.bignachos.com>

Brian Nelson <pyro@debian.org> writes:

> It's the reason why Debian has a maintainer application process,
> requires new maintainer gpg keys to be signed by existing developers,
> and requires all uploads to be gpg signed by a key in the Debian
> keyring.  Of course this doesn't prevent a Debian developer from doing
> evil things, but it makes it possible to track and permanently ban
> whoever did the evil things.

I don't think that he's talking about official sources, judging by the
subject.

-- 
Paul Johnson
<baloo@ursine.ca>
Linux.  You can find a worse OS, but it costs more.

Attachment: pgpH1JN08Tk5L.pgp
Description: PGP signature

Reply to:

References:
- Unofficial binary Debian packages considered insecure?
  - From: gnalle@ruc.dk (Niels L. Ellegaard)
- Re: Unofficial binary Debian packages considered insecure?
  - From: Brian Nelson <pyro@debian.org>

Prev by Date: Re: Unofficial binary Debian packages considered insecure?
Next by Date: Re: X fails to find my vidio card
Previous by thread: Re: Unofficial binary Debian packages considered insecure?
Next by thread: Re: Unofficial binary Debian packages considered insecure?
Index(es):
- Date
- Thread