Re: Vote for the Debian Project Leader Election 2005
* Bill Allombert (firstname.lastname@example.org) [050411 00:20]:
> On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
> > > No, that would be stupid. This is why we have a guard against
> > > replay attacks.
> > But if the original vote that was signed and posted publicly was never sent
> > in, then there wouldn't be any record of the vote--so if it was sent in at
> > the last minute, devotee would be seeing it for the first time...
> Packages upload have a simlar issue: if you sign a package and put it on
> a public server, anyone can upload it to Debian for you, whether you
> intended it or not (even if it is not in Debian already).
> The only protection we have is that katie will check if the version is
> higher than the version in sid. (so "don't do that").
And that you need an allowed distribution in the changes-file - if you
use "unstable-private" or "not-for-katie", katie will also reject it.
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C