Micah Anderson wrote:
> The most obvious candidate to me is on the alioth
> machine. Although this resource is available, it may cause some security
> concerns for people to have it there, due to the large number of
> people who have access to the box. Perhaps its not an issue?
I don't think that storing it on Alioth for now would be a problem.
If DTSAs have SHA-1 or SHA-256 checksums for the fixed packages and
PGP signatures, compromised binaries would be noticed. Access to
security.d.o is restricted because of embargoed disclosure, which is
not the case for secure-testing.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
