Control: tag -1 wontfix
On Tue, 2018-03-13 at 13:47:10 -0400, Konstantin Ryabitsev wrote:
> On 03/13/18 05:33, Uwe Kleine-König wrote:
> >>> But it also has an impact on security: As long as the signature isn't
> >>> verified I have to consider the .tar.xz "untrusted" and the less tools I
> >>>
Processing control commands:
> tag -1 wontfix
Bug #882694 [dpkg-dev] dpkg-source: please add support for upstream signature
on uncompressed tarball
Added tag(s) wontfix.
--
882694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882694
Debian Bug Tracking System
Contact ow...@bugs.debian.org
On 03/13/18 05:33, Uwe Kleine-König wrote:
>>> But it also has an impact on security: As long as the signature isn't
>>> verified I have to consider the .tar.xz "untrusted" and the less tools I
>>> have to make operate on it the better. This scheme allows an attacker
>>> that has control over a
Hello Konstantin,
On Mon, Mar 12, 2018 at 05:20:26PM -0400, Konstantin Ryabitsev wrote:
> On 03/08/18 05:15, Uwe Kleine-König wrote:
> > The kernel.org archive provides signatures for the software available
> > (which is great!). The method to verify these according to
> >
> >
> >
4 matches
Mail list logo
