Hans-Christoph Steiner:
> I still strongly disagree.  Very very few people care enough to learn a
> separate process.  For security to be usable, it needs to be as transparent
> and automatic as possible.  APKs and Android have demonstrated that you can
> have this kind of system working well.

Comparing .deb and APKs is misleading when talking of tools. A given
.deb will have dependencies. APKs are self-contained.

This makes `.deb` hard to use without a repository for anything
substantial. I would assume that's why Ubuntu developed the Click
package format.

> They've made the whole process easier by requiring the upstream
> developer be the manager of the signing. I think setting up a similar
> role in Debian will be quite beneficial, and dak and the package
> maintainer are natural roles to be the signer.

With the current .buildinfo signing scheme, we require the Debian
maintainer to provide a package that can be built reproducibly. Then we
can require a proof of that reproducibility from the maintainer, any
other maintainers, and any number of buildds. These assessments that a
build can be properly reproduced can come after the initial upload. We
can only do that if the .deb files do not change after they hits the

Lunar                                .''`. 
lu...@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 

Attachment: signature.asc
Description: Digital signature

Reproducible-builds mailing list

Reply via email to