Re: Official Debian digital 'branding' of debs

To: Debian-Devel List <debian-devel@lists.debian.org>
Subject: Re: Official Debian digital 'branding' of debs
From: Nicolás Lichtmaier <nick@debian.org>
Date: Sun, 20 Jun 1999 14:33:17 -0300
Message-id: <[🔎] 19990620143317.A256@debian.org>
Mail-followup-to: Debian-Devel List <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 19990618134125.B10610@quango2.watervalley.net>; from Chris Lawrence on Fri, Jun 18, 1999 at 01:41:25PM -0500
References: <[🔎] 376A06C5.F365D0E1@saab.se> <[🔎] 19990618134125.B10610@quango2.watervalley.net>

> I think when the issue has come up in the past, it's been a problem
> with there being a single point of failure in the system (the "one,
> true, Debian key").  Just because nobody's hacked RH's system to get
> the key doesn't mean it won't happen...

 But there IS a single point of failure. All solutions you can image will
have that. If you have developers sign packages with their own keys, you'll
need a mean to `authorize' developers, in the form of a Debian signature to
the developers' signature.
 Besides, another security measure we need to take sometime in the future is
automatic building of all packages for all architectures. In this way we can
assure that a binary match the sources.

Reply to:

Follow-Ups:
- Re: Official Debian digital 'branding' of debs
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Official Debian digital 'branding' of debs
  - From: Gunnar.Isaksson@saab.se
- Re: Official Debian digital 'branding' of debs
  - From: Chris Lawrence <quango@watervalley.net>

Prev by Date: Re: Official Debian digital 'branding' of debs
Next by Date: Re: All swirl themes packaged? [was Re: Swirl theme for FVWM]
Previous by thread: Re: Official Debian digital 'branding' of debs
Next by thread: Re: Official Debian digital 'branding' of debs
Index(es):
- Date
- Thread