Quoting Bill Kendrick ([EMAIL PROTECTED]): > Sean 'Shaleh' Perry from the Debian project's coming to speak in > December. We can hound him then. ;^)
That would be good, because he just got through talking about Debian package distribution and security at the Internet Developers' Group at Netscape HQ, last month. He covers, among other things, the extent of risk from various threat models, including a compromised downstream package mirror such as the one UCB reportedly had. Grill him on it. ;-> (That stuff in http://linuxmafia.com/~rick/linux-info/debian-package-signing partially reflects conversations on the subject I've had with Sean and with Joey Hess, in the past.) -- Cheers, My pid is Inigo Montoya. You kill -9 Rick Moen my parent process. Prepare to vi. [EMAIL PROTECTED] _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
