Santiago Ruano Rincón <santiag...@riseup.net> wrote on 30/03/2024 at 
22:59:43+0100:

> On 30 March 2024 13:00:26 GMT-03:00, Marco d'Itri <m...@linux.it> 
> wrote:
>>On Mar 30, Jonathan Carter <j...@debian.org> wrote:
>>
>>> Another big question for me is whether I should really still
>>> package/upload/etc from an unstable machine. It seems that it may be prudent
>>If we do not use unstable for development then who is going to?
>>I think that the real question is whether we should really still use 
>>code-signing keys which are not stored in (some kind of) HSM.
>>
>
> The backdoor was discovered by someone using the compromised xz-utils *on 
> their own machines*. So we are lucky we have people eating our own sid stuff 
> before it becomes part of a stable release.

+1 and <3

-- 
PEB
