On Tue, Apr 14, 1998 at 12:34:43AM +0200, Marco d'Itri wrote:
> On Apr 09, Manoj Srivastava <[EMAIL PROTECTED]> wrote:
>
> >Those files are small. One can copy them back easily (using
> > ftp, even), sign them locally, and upload two tiny files.
> That's not enough. After I signed the .chang
On Apr 09, Manoj Srivastava <[EMAIL PROTECTED]> wrote:
> Those files are small. One can copy them back easily (using
> ftp, even), sign them locally, and upload two tiny files.
That's not enough. After I signed the .changes and .dsc files (and moved
back the other files from REJECT/) I rece
> Can someone hack dinstall to install packages which are not PGP
> signed but has been copied to incoming? If the UID of the files is
> the one of a developer we can know who did upload the package.
No, because the upload queues also use known UIDs, but may allow
everyone to upload. (BTW, the qu
Hi,
>>"Marco" == Marco d'Itri <[EMAIL PROTECTED]> writes:
Marco> On Apr 08, Vincent Renardias <[EMAIL PROTECTED]> wrote:
>> Anyway, I fail to see WHY we should allow non PGP signed packages.
Marco> Because it's not easy to sign .dsc and .changes files via a ssh
Marco> pipe when compiling packages
On Apr 08, Vincent Renardias <[EMAIL PROTECTED]> wrote:
>Definatly not an option, since people uploading anonymously to chiark
>would be able to upload whatever in the distribution since the files
>arrive in Incoming/ with IanJ's UID (also hold for other upload queues).
We could maintain a list
On Wed, Apr 08, 1998 at 08:50:56PM +0100, Enrique Zanardi wrote:
> On Wed, Apr 08, 1998 at 08:23:48PM +0200, Marco d'Itri wrote:
> > Can someone hack dinstall to install packages which are not PGP signed
> > but has been copied to incoming? If the UID of the files is the one of a
> > developer we c
On Wed, 8 Apr 1998, Marco d'Itri wrote:
> Can someone hack dinstall to install packages which are not PGP signed
> but has been copied to incoming? If the UID of the files is the one of a
> developer we can know who did upload the package.
Definatly not an option, since people uploading anonymou
On Wed, Apr 08, 1998 at 08:23:48PM +0200, Marco d'Itri wrote:
> Can someone hack dinstall to install packages which are not PGP signed
> but has been copied to incoming? If the UID of the files is the one of a
> developer we can know who did upload the package.
No. We know which account the upload
Can someone hack dinstall to install packages which are not PGP signed
but has been copied to incoming? If the UID of the files is the one of a
developer we can know who did upload the package.
--
ciao,
Marco
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble
9 matches
Mail list logo
