Re: improving downloader packages (was: Re: holes in secure apt)

2014-09-13 Thread Jakub Wilk
* David Kalnischkies, 2014-06-18, 14:11: [0] And his skepticism was reinforced by (independent) discovery of this bug: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738 *sigh* and this is still open? 8-O Before someone is rushing to work on that (sorry, I was dreaming)… we actua

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-25 Thread Gunnar Wolf
Christoph Anton Mitterer said [Fri, Jun 20, 2014 at 10:24:07PM +0200]: > > I do feel the keyring-maint package is a leftover from days long > > gone. Nowadays the keyring is kept at a DVCS tree, and regularly > > exported to a publicly accessible instance. > Any reason for that "internal" repo? I m

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-25 Thread Gunnar Wolf
Raphael Hertzog said [Fri, Jun 20, 2014 at 09:17:25AM +0200]: > > FWIW, I was thinking about including the possible disappearance as one > > of the points to talk about in the DebConf BoF we proposed regarding > > keyring-maint. > > Why not switch it to something more dynamic ? > > Make the packa

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-20 Thread Christoph Anton Mitterer
On Fri, 2014-06-20 at 09:17 +0200, Raphael Hertzog wrote: > Why not switch it to something more dynamic ? Sounds good... > Make the package an empty shell with symlinks pointing to > /var/lib/debian-keyring/, add a cron job that rsyncs the keyring > to that directory. I've just thought about th

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-20 Thread Christoph Anton Mitterer
On Thu, 2014-06-19 at 21:25 -0500, Gunnar Wolf wrote: > Thanks for bringing this topic up. I'm snipping your very detailed > implementation proposal, which does not sound like it was written at > 4AM at all ;-) ;-) > I do feel the keyring-maint package is a leftover from days long > gone. Nowada

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-20 Thread Raphael Hertzog
Hi, On Thu, 19 Jun 2014, Gunnar Wolf wrote: > FWIW, I was thinking about including the possible disappearance as one > of the points to talk about in the DebConf BoF we proposed regarding > keyring-maint. Why not switch it to something more dynamic ? Make the package an empty shell with symlinks

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-19 Thread Gunnar Wolf
Christoph Anton Mitterer said [Wed, Jun 18, 2014 at 04:21:36AM +0200]: > On Mon, 2014-06-16 at 20:14 +0200, Jakub Wilk wrote: > > debian-keyring is not useful for automatic authentication of source > > packages. > Well to be honest I never fully understood the idea behind > debian-keyring... > IM

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-18 Thread David Kalnischkies
(so not going to comment on the first part of the thread, beside maybe: It's really sad that it is even suggested that DDs would need a technical solution for the inherently social problem of a co-worker dying…) On Wed, Jun 18, 2014 at 04:21:36AM +0200, Christoph Anton Mitterer wrote: > On Mon, 201

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-17 Thread Christoph Anton Mitterer
On Mon, 2014-06-16 at 20:14 +0200, Jakub Wilk wrote: > debian-keyring is not useful for automatic authentication of source > packages. Well to be honest I never fully understood the idea behind debian-keyring... IMHO this should be actually debian-developers-keyring and it should be intended just

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-16 Thread Jakub Wilk
* Christoph Anton Mitterer, 2014-06-16, 19:50: Thomas mentioned that things would have been more secure if the buildds and e.g. pbuilder pulls in debian-keyring automatically and verify maintainer signatures. debian-keyring is not useful for automatic authentication of source packages. The s

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-16 Thread Christoph Anton Mitterer
Hey Thijs. On Thu, 2014-06-12 at 19:31 +0200, Thijs Kinkhorst wrote: > You raise a lot of broad concerns under the header "holes in secure apt" > which > I'm afraid does not much to get us closer to a more secure Debian. Well I admit, that first this is just a lot of words... but I think that's

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-16 Thread Jonathan Dowland
On Thu, Jun 12, 2014 at 07:31:14PM +0200, Thijs Kinkhorst wrote: > I think a better way than to create such a policy would be to create a simple > framework that does in-package downloading "right" and that downloader > packages can depend on and call from their scripts (a bit like dbconfig- > co