* Joerg Jaspert ([email protected]) [110903 12:44]: > > > Yeah, yeah. We've beaten that horse to death, and our side lost. I also > > advocate that all debs should be signed, but that was not the will of the > > ftp-masters the last time the issue was up for discussion. > > Thats wrong. > Since 03 Aug 2008 at least. > > See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340306#33
This means that dpkg-sig needs to be completly re-written, even though it was working quite well (before it was blocked by ftp-masters). Not exactly what I would consider helpful, but well. Anyways, I don't think discussing this topic more will gain us anything. (And also the question of signing .deb-packages is completly orthogonal from authentication of the downloaded packages files which works, and which is necessary for protection from taken over hosts like kernel.org this time). Andi -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
