On Sat, Dec 30, 2017 at 6:57 PM, peter green wrote:
> * what keys would be used to sign these re-signed release files? You
> wouldn't want to use a regular Debian archive key because you wouldn't want
> people to be able to use snapshots to attack Debian users.
They would have to be separate
On 27/12/17 23:42, Paul Wise wrote:
On Thu, Dec 28, 2017 at 5:41 AM, peter green wrote:
Unfortunately there doesn't seem to be a good way to securely retrive a dsc
from snapshot.debian.org given a package name and version number.
At this time there isn't any good way to do that securely,
On Thu, Dec 28, 2017 at 5:41 AM, peter green wrote:
> Unfortunately there doesn't seem to be a good way to securely retrive a dsc
> from snapshot.debian.org given a package name and version number.
At this time there isn't any good way to do that securely, until
#763419 gets implemented.
