On Wed, 23 Nov 2005 12:58:12 -0500, Erinn Clark <[EMAIL PROTECTED]> wrote:
>* Marc Haber <[EMAIL PROTECTED]> [2005:11:23 18:40 +0100]:
>> On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
>> >Just to provide some statistics about dpkg-sig usage, as I got curious
>> >about it too:
>> >
>> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
>> >are 8 distinct keys used for those 525 .deb's, seven of which correspond
>> >to DD's[1].
>>
>> So, most of the DD's do not care about security at all. Why does
>> Debian have a reputation of being so secure?
>
>Yet just today you filed a bug (#340403) for documentation to be
>included in the package since you were unable to explain dpkg-sig's
>strengths.

The requested documentation is available online, and I have had the
opportunity to talk to dpkg-sig's authors and independent security
people about its advantages.

> How is it possible for you to claim something is more secure
>when you don't understand it well enough to say how it's different?

Well, even if I know naught about it, it looks to me that having
something signed is better than having the same something not signed.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834