Re: A thought experiment regarding tag2upload and trust

To: debian-vote@lists.debian.org
Subject: Re: A thought experiment regarding tag2upload and trust
From: Andrey Rakhmatullin <wrar@debian.org>
Date: Mon, 17 Jun 2024 13:17:06 +0500
Message-id: <[🔎] Zm_xArc_XTjP2Ng7@belkar.wrar.name>
In-reply-to: <[🔎] 20240617050019.oxmnjavykm465ma2@shell.thinkmo.de>
References: <[🔎] 87wmmvrubl.fsf@melete.silentflame.com> <[🔎] 874j9u8tnu.fsf@hands.com> <[🔎] 20240617050019.oxmnjavykm465ma2@shell.thinkmo.de>

On Mon, Jun 17, 2024 at 07:00:19AM +0200, Bastian Blank wrote:
> But maybe you can answer the question:  Given the .dsc file, how can
> you, and more critical the public, verify that you and only you signed
> that upload?

I'm surprised to learn that people check .dsc signatures, especially
as we don't really seem to support that.

-- 
WBR, wRAR

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- A thought experiment regarding tag2upload and trust
  - From: Philip Hands <phil@hands.com>
- Re: A thought experiment regarding tag2upload and trust
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Security review of tag2upload
Next by Date: Re: Security review of tag2upload
Previous by thread: Re: A thought experiment regarding tag2upload and trust
Next by thread: Re: A thought experiment regarding tag2upload and trust
Index(es):
- Date
- Thread