Re: deb-multimedia repository

To: debian-user@lists.debian.org
Subject: Re: deb-multimedia repository
From: Zenaan Harkness <zen@freedbms.net>
Date: Wed, 21 Aug 2013 22:20:27 +1000
Message-id: <[🔎] CAOsGNSRu97tEx3yDp6ShM+bg9CvzDZsMENTV48STZAs-tXUAeA@mail.gmail.com>
In-reply-to: <[🔎] 1377085425.1192.65.camel@archlinux>
References: <[🔎] 521492D8.4060203@mi.parisdescartes.fr> <[🔎] 20130821113819.GF19648@well-adjusted.de> <[🔎] 1377085425.1192.65.camel@archlinux>

On 8/21/13, Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
> On Wed, 2013-08-21 at 13:38 +0200, Jochen Spieker wrote:
>> Essentially, you have a chicken and egg problem.
>
> Wrong!

Subtle!

> Keys usually are available by a keyserver you could trust, so for the
> first time you'll get the key this way. Such a package will update keys
> as long as the older keys still can be used.

This makes sense, but aren't you just pushing the "chicken or egg"
problem to the keyserver?

Ie, how do you trust the keyserver?

If this 'problem' were not the case, then why does not the packages
pre-depends on -keyring, and automatically install it first, without
any security problems, and without any warning to user?

Surely if this were possible, that's what would be done?

Regards
Zenaan

Reply to:

Follow-Ups:
- Re: deb-multimedia repository
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

References:
- deb-multimedia repository
  - From: François Patte <francois.patte@mi.parisdescartes.fr>
- Re: deb-multimedia repository
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: deb-multimedia repository
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: Re: deb-multimedia repository
Next by Date: Re: deb-multimedia repository
Previous by thread: Re: deb-multimedia repository
Next by thread: Re: deb-multimedia repository
Index(es):
- Date
- Thread