Goswin von Brederlow <goswin-...@web.de> writes: > The changes files are signed by a human and therefor have a strong trust > level. The "was XYZ is now UVW" file would have to be automatically > signed and much less trustworthy.
This objection makes no sense to me. The archive key is *much* more trusted in practice than the individual DD keys. Haven't you been advocating using the Packages file for this purpose, which is signed by exactly the same key that would be doing this signature? > Esspecially if you suspect someone broke into ftp-master and modified > some debs. Which they can do just as easily if you rely only on Packages. Even more easily, in fact. The problems that you are citing here are problems that we already have; that, in fact, are much worse now than they would be under that proposed scheme. (However, I will note that your *.changes idea does offer some additional protection there over the scheme that I was considering.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878w9ph328....@windlord.stanford.edu
