On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote:
Hi there,
This is quite actively discussed on Fedora lists.
https://www.openwall.com/lists/oss-security/2024/
https://www.openwall.com/lists/oss-security/2024/03/29/4
Worth taking a look if action needs to be taken on Debian.
Speaking about that, I'm a simple guy: how can anyone trust
sources signed by an unsigned-gnupg-key committer (I mean both the
actors of this tragically ridiculous drama)?
In 2024. Really?
Even the imperfect web-of-trust is better than nothing at all.
--
⢀⣴⠾⠻⢶⣦⠀ Francesco Paolo Lovergine
⣾⠁⢠⠒⠀⣿⡁ Debian Developer
⢿⡄⠘⠷⠚⠋⠀ 0579 A97A 2238 EBF9 BE61
⠈⠳⣄⠀⠀⠀⠀ ED02 0F02 A5E1 1636 86A4