Package: lists.debian.org
Severity: wishlist

Hi,
it is a known issue that sometimes DSA ids are reused on debian-security-announce due to human race conditions or not paying enough attention. Also this was recently discussed again on the security list[0].

There is already some sanity checking on the body of the DSA mail and a signature check as far as I know. Is it feasible to reject mails as well if they use a previously allocated DSA id? I would imagine this may be problematic as all current checks can be performed solely by looking at the incoming email instead of looking at the archive. Nonetheless, as there have been more than 20 reuses in the last years, I thought I'd ask if this is possible in the first place.

[0] http://lists.debian.org/debian-security/2012/09/msg00016.html

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
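An added sketch of the stateful check requested above (not part of the original report and not lists.debian.org code): it assumes announcement subjects carry an id of the form "[DSA 1234-1]" and uses a hypothetical SQLite index of allocated ids, so that a uniqueness constraint, rather than a separate lookup followed by a write, decides which mail claimed the id first. The sample mails and ids are constructed.

```python
import re
import sqlite3
from email import message_from_string

# Assumption: the id appears in the Subject as "[DSA 1234-1]".
# The full id, revision suffix included, is used as the key.
DSA_ID = re.compile(r"\[DSA[ -](\d+-\d+)\]")

def open_index(path=":memory:"):
    """Open the (hypothetical) index of allocated ids; PRIMARY KEY enforces uniqueness."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS dsa (id TEXT PRIMARY KEY, message_id TEXT)")
    return db

def check_announcement(db, raw_mail):
    """Return (accepted, reason) for one incoming announcement mail."""
    msg = message_from_string(raw_mail)
    m = DSA_ID.search(msg.get("Subject", ""))
    if not m:
        return False, "no DSA id in subject"
    dsa_id, message_id = m.group(1), msg.get("Message-ID", "")
    try:
        with db:  # one transaction: the insert either claims the id or fails
            db.execute("INSERT INTO dsa VALUES (?, ?)", (dsa_id, message_id))
    except sqlite3.IntegrityError:
        row = db.execute("SELECT message_id FROM dsa WHERE id = ?", (dsa_id,)).fetchone()
        if row[0] == message_id:
            # Same mail delivered again (e.g. an MTA retry), not a reuse.
            return True, f"DSA {dsa_id} redelivery of the same message"
        return False, f"DSA {dsa_id} already allocated by {row[0]}"
    return True, f"DSA {dsa_id} recorded"

def _mail(subject, message_id):
    """Build a constructed sample mail."""
    return f"From: team@example.org\nMessage-ID: {message_id}\nSubject: {subject}\n\nbody\n"

SAMPLES = [  # constructed input, not real announcements
    _mail("[SECURITY] [DSA 9001-1] foo security update", "<a@example.org>"),
    _mail("[SECURITY] [DSA 9001-1] bar security update", "<b@example.org>"),  # reuse
    _mail("[SECURITY] [DSA 9001-1] foo security update", "<a@example.org>"),  # retry
    _mail("[SECURITY] [DSA 9002-1] bar security update", "<c@example.org>"),
]

def demo():
    db = open_index()
    return [check_announcement(db, m)[0] for m in SAMPLES]

if __name__ == "__main__":
    print(demo())
```

Unlike the body and signature checks, this one needs state shared by every process that accepts mail for the list, which is the difficulty the report anticipates.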

