Re: Vote for the Debian Project Leader Election 2005
On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
> > No, that would be stupid. This is why we have a guard against
> > replay attacks.
> But if the original vote that was signed and posted publicly was never sent
> in, then there wouldn't be any record of the vote--so if it was sent in at
> the last minute, devotee would be seeing it for the first time...
Packages upload have a simlar issue: if you sign a package and put it on
a public server, anyone can upload it to Debian for you, whether you
intended it or not (even if it is not in Debian already).
The only protection we have is that katie will check if the version is
higher than the version in sid. (so "don't do that").
Imagine a large red swirl here.