Re: Revocation list for old packages with security holes (was: Re: Revival of the signed debs discussion)

Julian Mehnle [EMAIL PROTECTED] writes: Joey Hess [EMAIL PROTECTED] wrote: Goswin von Brederlow wrote: What can we do with deb signatures? For our current problem, the integrity of the debian archive being questioned, the procedure would be easy and available to every user:

Re: Revocation list for old packages with security holes (was: Re: Revival of the signed debs discussion)

* Julian Mehnle ([EMAIL PROTECTED]) [031210 13:40]: Joey Hess [EMAIL PROTECTED] wrote: Goswin von Brederlow wrote: What can we do with deb signatures? For our current problem, the integrity of the debian archive being questioned, the procedure would be easy and available to every

RE: Revocation list for old packages with security holes

Goswin von Brederlow wrote: Julian Mehnle [EMAIL PROTECTED] writes: We could use a revocation list where signatures of packages with known security holes are listed as being revoked. Of course, you'd need to be online to check it when installing/updating packages. And the revocation list

Re: Revocation list for old packages with security holes

Julian Mehnle [EMAIL PROTECTED] writes: Goswin von Brederlow wrote: Julian Mehnle [EMAIL PROTECTED] writes: We could use a revocation list where signatures of packages with known security holes are listed as being revoked. Of course, you'd need to be online to check it when