[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vote for the Debian Project Leader Election 2005

On Mon, 11 Apr 2005 10:33:46 +0200, Andreas Barth <aba@not.so.argh.org> said: 

> * Bill Allombert (ballombe@master.debian.org) [050411 00:20]:
>> On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
>> > > 	No, that would be stupid. This is why we have a guard against
>> > >  replay attacks.
>> > 
>> > But if the original vote that was signed and posted publicly was
>> > never sent in, then there wouldn't be any record of the vote--so
>> > if it was sent in at the last minute, devotee would be seeing it
>> > for the first time...
>> Packages upload have a simlar issue: if you sign a package and put
>> it on a public server, anyone can upload it to Debian for you,
>> whether you intended it or not (even if it is not in Debian
>> already).
>> The only protection we have is that katie will check if the version
>> is higher than the version in sid. (so "don't do that").

> And that you need an allowed distribution in the changes-file - if
> you use "unstable-private" or "not-for-katie", katie will also
> reject it.

	Similarly, you can just remove the uuid from the ballot before
 you publish it -- devotee shall reject that ballot.

I went to a Grateful Dead Concert and they played for SEVEN hours.
Great song. Fred Reuss
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: