Wouter Verhelst <wou...@debian.org> writes:

> On Wed, Mar 17, 2010 at 04:12:46PM -0700, Russ Allbery wrote:
>> Wouter Verhelst <wou...@debian.org> writes:
>>
>> > This is not true.
>>
>> > wou...@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
>> > 28969
>>
>> > These are only the *active* changes files, though:
>>
>> > wou...@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
>> > 898
>>
>> > ... since no .changes file is ever thrown away:
>>
>> > wou...@merkel:/org/ftp.debian.org/queue/done$ du -sh .
>> > 7.1G
>>
>> > They may not be visible on the mirrors, but they are there.
>>
>> Ah, thank you. I didn't realize that we kept them at all.
>>
>> Note, though, that if the concern is a cryptographically strong audit
>> trail, we could still retain a link from the original *.changes file to
>> the final package with a second (possibly signed) document archived with
>> the *.changes file listing the original and final checksums of the
>> now-signed packages.
>
> True.
False. The changes files are signed by a human and therefore have a strong
trust level. The "was XYZ is now UVW" file would have to be automatically
signed and much less trustworthy. Especially if you suspect someone broke
into ftp-master and modified some debs. They would just recreate and resign
the "was XYZ is now UVW" file with the automatic archive key.

MfG
        Goswin

Archive: http://lists.debian.org/87eijif5fs....@frosties.localdomain
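The trust chain Russ and Goswin are arguing about, as an added example (not code from this thread and not Debian's own archive tooling): a .changes file whose Checksums-Sha256 stanza pins the uploaded .deb, a "was XYZ is now UVW" link document mapping that checksum to the archive-rewritten one, and a verifier that checks the two signatures and the two checksums. Ed25519 stands in for the OpenPGP signatures used in reality; the package bytes, the .changes text, the file name nbd_1.0_amd64.deb and both key pairs are constructed here for illustration.

```go
// Added example, not code from the debian-devel thread: a model of the audit
// chain under discussion. The human-signed .changes file fixes the SHA-256 of
// the uploaded .deb; the archive rewrites the .deb and would record the
// old->new checksum in a "link" document signed by the automatic archive key.
// Ed25519 stands in for the OpenPGP signatures used in reality; the .changes
// text, package bytes and both key pairs are constructed for illustration.
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// parseChecksumsSha256 returns name -> sha256 from the Checksums-Sha256 stanza
// of a .changes file ("<sha256> <size> <name>" on space-indented lines).
func parseChecksumsSha256(changes string) map[string]string {
	out := map[string]string{}
	in := false
	sc := bufio.NewScanner(strings.NewReader(changes))
	for sc.Scan() {
		line := sc.Text()
		switch {
		case strings.HasPrefix(line, "Checksums-Sha256:"):
			in = true
		case in && strings.HasPrefix(line, " "):
			if f := strings.Fields(line); len(f) == 3 {
				out[f[2]] = f[0]
			}
		default:
			in = false // any other field ends the stanza
		}
	}
	return out
}

func sha256hex(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// linkDoc is the "was XYZ is now UVW" record proposed in the thread.
func linkDoc(name, was, now string) []byte {
	return []byte(fmt.Sprintf("%s was %s now %s\n", name, was, now))
}

// verifyFinal accepts a rewritten package only if the .changes verifies under
// the developer key, the link document verifies under the archive key, the
// link's "was" equals the .changes checksum, and its "now" equals the bytes
// on disk. Note which key vouches for which step.
func verifyFinal(devPub, archPub ed25519.PublicKey, changes, changesSig, link, linkSig []byte,
	name string, final []byte) bool {
	if !ed25519.Verify(devPub, changes, changesSig) || !ed25519.Verify(archPub, link, linkSig) {
		return false
	}
	f := strings.Fields(string(link))
	if len(f) != 5 || f[0] != name || f[2] != parseChecksumsSha256(string(changes))[name] {
		return false
	}
	return f[4] == sha256hex(final)
}

// scenario returns the verdicts for: an honest archive rewrite; a backdoored
// .deb when the attacker lacks the archive key; the same backdoor when the
// attacker holds the archive key and re-issues the link document; and an
// attacker with only the archive key trying to alter the .changes itself.
func scenario() (honest, tamperedNoKey, tamperedWithKey, forgedChanges bool) {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)   // the human's key
	archPub, archPriv, _ := ed25519.GenerateKey(rand.Reader) // automatic archive key
	const name = "nbd_1.0_amd64.deb"

	upload := []byte("constructed: original nbd_1.0_amd64.deb contents")
	changes := []byte(fmt.Sprintf("Format: 1.8\nSource: nbd\nChecksums-Sha256:\n %s %d %s\nDistribution: unstable\n",
		sha256hex(upload), len(upload), name))
	changesSig := ed25519.Sign(devPriv, changes)

	final := []byte("constructed: archive-rewritten nbd_1.0_amd64.deb")
	link := linkDoc(name, sha256hex(upload), sha256hex(final))
	linkSig := ed25519.Sign(archPriv, link)
	honest = verifyFinal(devPub, archPub, changes, changesSig, link, linkSig, name, final)

	evil := []byte("constructed: backdoored nbd_1.0_amd64.deb")
	tamperedNoKey = verifyFinal(devPub, archPub, changes, changesSig, link, linkSig, name, evil)

	forged := linkDoc(name, sha256hex(upload), sha256hex(evil))
	tamperedWithKey = verifyFinal(devPub, archPub, changes, changesSig, forged,
		ed25519.Sign(archPriv, forged), name, evil)

	// Pointing the .changes itself at the backdoor needs the developer key.
	badChanges := []byte(strings.Replace(string(changes), sha256hex(upload), sha256hex(evil), 1))
	selfLink := linkDoc(name, sha256hex(evil), sha256hex(evil))
	forgedChanges = verifyFinal(devPub, archPub, badChanges, ed25519.Sign(archPriv, badChanges),
		selfLink, ed25519.Sign(archPriv, selfLink), name, evil)
	return
}

func main() {
	h, n, w, c := scenario()
	fmt.Printf("honest=%v tampered/no-key=%v tampered/archive-key=%v forged-changes=%v\n", h, n, w, c)
}
```

The verifier rejects the backdoored .deb only while the attacker cannot sign a fresh link document; once the archive key is in hand, the re-issued "was/now" record passes exactly like the honest one, whereas rewriting the .changes fails without the developer's key. That asymmetry is the point made above: the link document adds nothing against a compromise of ftp-master, because the same compromise yields the key that signs it.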