Re: Debian audititing tool?
On Thu, Dec 21, 2000 at 08:12:14PM +0100, Christian Kurz wrote:
> On 00-12-21 Colin Phipps wrote:
> > On Thu, Dec 21, 2000 at 04:09:07PM +0100, Christian Kurz wrote:
> > > And who will create this key? Who will have the passphrase? Who will
> > > sign the packages?
>
> > Someone on master.debian.org, presumably the ftp admins.
>
> And so you trust this admins? Just asking because some people here have
> a lot of paranoia.
Signing packages on the master mirror guards against compromised or
spoofed mirrors. Not trusting the master mirror or its admins is a
separate, and much harder problem.
--
Colin Phipps http://www.netcraft.com/
Reply to: