
Re: Signing Packages.gz



Anthony Towns wrote:
> Just about everything is prone to the hack-a-mirror thing at the very
> first point. If you hack-a-mirror and change James' key in debian-keyring,
> and no one has a copy of debian-keyring already to compare it against,
> you're stuck.
> 
> The dinstall key could be verified by:
> 
> 	* the web of trust, and having the ftp-team sign it
> 
> 	* putting a fingerprint on the website and in Debian books,
> 	  and making it easy for people to verify said fingerprint

*** Warning, duplicate subthread detected ***

Original thread: http://www.debian.org/Lists-Archives/debian-devel-9906/thrd3.html#01350
Most relevant summary message: http://www.debian.org/Lists-Archives/debian-devel-9906/msg01428.html
DWN Summary: http://www.debian.org/News/weekly/1999/24/

This has been a public service announcement, courtesy of DWN.

