* Bill Allombert ([EMAIL PROTECTED]) [050411 00:20]:
> On Tue, Apr 05, 2005 at 07:44:08PM -0600, Wesley J. Landaker wrote:
> > >   No, that would be stupid. This is why we have a guard against
> > >  replay attacks.
> > 
> > But if the original vote that was signed and posted publicly was never sent 
> > in, then there wouldn't be any record of the vote--so if it was sent in at 
> > the last minute, devotee would be seeing it for the first time... 
> 
> Package uploads have a similar issue: if you sign a package and put it on
> a public server, anyone can upload it to Debian for you, whether you
> intended it or not (even if it is not in Debian already).
> 
> The only protection we have is that katie will check if the version is
> higher than the version in sid. (so "don't do that").

And that you need an allowed distribution in the changes-file - if you
use "unstable-private" or "not-for-katie", katie will also reject it.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
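
The two archive-side checks discussed in this thread, sketched as an added example (not part of the original mail and not katie's actual code). It assumes the signature on the .changes file has already been verified; `ALLOWED_DISTS`, the function names and the sample bodies are constructed for illustration.

```python
import re

ALLOWED_DISTS = {"unstable", "experimental"}  # assumption: targets the archive accepts

def _key(chars):
    # Debian ordering: '~' sorts first, then end of string (0), letters, other symbols
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256 for c in chars]

def _cmp_part(a, b):
    # Alternate between non-digit and digit runs, as Debian version comparison does
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        ka, kb = _key(na), _key(nb)
        width = max(len(ka), len(kb))
        ka += [0] * (width - len(ka))
        kb += [0] * (width - len(kb))
        if ka != kb:
            return -1 if ka < kb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_versions(x, y):
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def check_upload(changes_body, sid_versions):
    fields = dict(re.findall(r"^([A-Za-z-]+):[ \t]*(.*)$", changes_body, re.M))
    dists = fields.get("Distribution", "").split()
    if not dists or any(d not in ALLOWED_DISTS for d in dists):
        return "reject: distribution not allowed"
    current = sid_versions.get(fields["Source"])
    if current is not None and compare_versions(fields["Version"], current) <= 0:
        return "reject: version not higher than sid"
    return "accept"

# Constructed sample bodies (signature assumed verified, fields only)
PRIVATE = "Source: hello\nVersion: 2.1-1\nDistribution: not-for-katie\n"
PUBLIC = "Source: hello\nVersion: 2.1-1\nDistribution: unstable\n"
```

With an empty `sid_versions`, `PUBLIC` is accepted no matter who submits it, while `PRIVATE` is rejected because the Distribution value is covered by the signature and cannot be changed by a third party.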

