On Mon, Sep 27, 1999 at 11:22:32AM -0500, Steve Greenland wrote:
I think the key difference is that if some one screws with the BTS or
the Debian web site, it's not going to *me* any harm during the time
it takes to discover and undo the damage. If someone installs a bad or
malicious libc6 in
Raul Miller wrote:
Which implies that we should validate packages against developer's key
before install, and that we should have some kind of list indicating
which developers are working on which package for which architecture
which is maintained under tighter control than the mirrors.
We
On 27-Sep-99, 00:44 (CDT), Joey Hess [EMAIL PROTECTED] wrote:
I think it should be possible to come up with a structure where ftp site
maintainers need not be trusted. The key to doing so is making it possible
for any change such a person makes to be logged, and reversable.
The reason I
Steve Greenland wrote:
I think the key difference is that if some one screws with the BTS or
the Debian web site, it's not going to *me* any harm during the time
it takes to discover and undo the damage. If someone installs a bad or
malicious libc6 in the archive, a buncha people could get
Joey Hess wrote:
I think it should be possible to come up with a structure where ftp site
maintainers need not be trusted. The key to doing so is making it possible
for any change such a person makes to be logged, and reversable.
Anyone can manipulate bugs in the
5 matches
Mail list logo