Re: Unofficial binary Debian packages considered insecure?

Brian Nelson <pyro@debian.org> writes:

> It's the reason why Debian has a maintainer application process,
> requires new maintainer gpg keys to be signed by existing developers,
> and requires all uploads to be gpg signed by a key in the Debian
> keyring.  Of course this doesn't prevent a Debian developer from doing
> evil things, but it makes it possible to track and permanently ban
> whoever did the evil things.

I don't think that he's talking about official sources, judging by the

Paul Johnson
Linux.  You can find a worse OS, but it costs more.
