[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vote for the Debian Project Leader Election 2005

* Bill Allombert (ballombe@master.debian.org) [050411 00:20]:
> On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
> > > 	No, that would be stupid. This is why we have a guard against
> > >  replay attacks.
> > 
> > But if the original vote that was signed and posted publicly was never sent 
> > in, then there wouldn't be any record of the vote--so if it was sent in at 
> > the last minute, devotee would be seeing it for the first time... 
> 
> Packages upload have a simlar issue: if you sign a package and put it on
> a public server, anyone can upload it to Debian for you, whether you
> intended it or not (even if it is not in Debian already).
> 
> The only protection we have is that katie will check if the version is
> higher than the version in sid. (so "don't do that").

And that you need an allowed distribution in the changes-file - if you
use "unstable-private" or "not-for-katie", katie will also reject it.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
Reply to: