Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Brandon Mitchell
On Mon, 1 Dec 1997, Marcelo E. Magallon wrote:
> Am I the only one seeing a bit of a problem here? (Or am I missing
> something I should know?) That is, PGP is non-US. To be able to put PGP
> in the main distribution, the master FTP site has to be moved off the US.
> I don't have a problem with t

Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Fabrizio Polacco
Christian Schwarz wrote:
>
> I suggest that we add a new control field to our packages called
> "Origin:" (or similar). This could either be set to "SPI" or
> "Debian", for example. Then, all Debian packages should be signed
> with some PGP key (either only one key for the whole system or by
> the

Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Marcelo E. Magallon
On Mon, 1 Dec 1997, Christian Schwarz wrote:
> The default keyring would probably be the developers keyring. The
> sysadmin could then add new keys of persons/organizations which he/she
> trusts to that keyring.
> Comments?

Err... yes. Am I the only one seeing a bit of a problem here? (Or am I

Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Christian Schwarz
On Sun, 30 Nov 1997, Brandon Mitchell wrote:
> I'd also be interested in some kind of verification, so I can accept all
> packages put together by some maintainer, and the maintainers on the
> debian keyring, but no one else.

I had exactly the same idea in the previous KDE/virtual package discus

Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Behan Webster
Brandon Mitchell wrote:
>
> I can see a security problem with this. Let's jump ahead several months
> when we have deity working. A user points deity to several sites, some
> providing a bunch of debs that they have created but don't want to be part
> of the main distribution. Now they upload a

Re: Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Raul Miller
Brandon Mitchell <[EMAIL PROTECTED]> wrote:
> I can see a security problem with this.

Absolutely: pre/post inst/rm scripts run as root, this is the security problem to dwarf all other security problems. Our defense is a wide audience. The more people we have looking at the system, the better

Future security problem (was Re: be careful with Replaces, please)

1997-12-01 Thread Brandon Mitchell
> > Greg Stark writes:
> > > We've got to be a little more careful with the Replaces header. I just
> > > installed the libc6 version of comerr, and dpkg helpfully deinstalled
> > > e2fsprogs.

I can see a security problem with this. Let's jump ahead several months when we have deity working.