Re: Vote for the Debian Project Leader Election 2005
On Mon, 11 Apr 2005 10:33:46 +0200, Andreas Barth <aba@not.so.argh.org> said:
> * Bill Allombert (ballombe@master.debian.org) [050411 00:20]:
>> On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
>> > > No, that would be stupid. This is why we have a guard against
>> > > replay attacks.
>> >
>> > But if the original vote that was signed and posted publicly was
>> > never sent in, then there wouldn't be any record of the vote--so
>> > if it was sent in at the last minute, devotee would be seeing it
>> > for the first time...
>>
>> Packages upload have a simlar issue: if you sign a package and put
>> it on a public server, anyone can upload it to Debian for you,
>> whether you intended it or not (even if it is not in Debian
>> already).
>>
>> The only protection we have is that katie will check if the version
>> is higher than the version in sid. (so "don't do that").
> And that you need an allowed distribution in the changes-file - if
> you use "unstable-private" or "not-for-katie", katie will also
> reject it.
Similarly, you can just remove the uuid from the ballot before
you publish it -- devotee shall reject that ballot.
manoj
--
I went to a Grateful Dead Concert and they played for SEVEN hours.
Great song. Fred Reuss
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: