On Sat, 27 Aug 2005, Henrique de Moraes Holschuh wrote: > For this to work, you need a master s.d.o mirror, and automatic signing (so > that you can keep the timestamping as low as a few hours). This gives you a > mirror network, with the same single "owning" point of failure we have right > now.
Add to it requiring messages to have more than one signature, so that the sec. team remains the single one point of failure for .deb injection. The point about secure time keeping is a good one, and the perfect solution (an authenticated ntp server) ain't doable. So, we'd have to rely on the user being capable of keeping his clock accurate and noticing if it is off by too much with some prompting by apt. Not a perfect solution at all :( -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]