Re: [pacman-dev] Signing the database again

2015-11-04 Thread Allan McRae
On 05/11/15 07:07, Remi Gacogne wrote:
> Hi,
>
> I have been thinking about the DB signing feature recently, and I have
> dug up old emails regarding this topic. If I understand correctly:
>
> - we would like database signing to prevent an attacker from messing
> with the information contained in

Re: [pacman-dev] Signing the database again

2015-11-04 Thread Johannes Löthberg
On 04/11, Remi Gacogne wrote:
> - requiring TU and devs to sign the database when publishing a package is not easy and ;

It shouldn't be particularly hard, someone just has to do the work on devtools to support it.

> - we don't want to have a package-signing key online if we can prevent it, N

[pacman-dev] Signing the database again

2015-11-04 Thread Remi Gacogne
Hi,

I have been thinking about the DB signing feature recently, and I have dug up old emails regarding this topic. If I understand correctly:

- we would like database signing to prevent an attacker from messing with the information contained in the database, being at rest on a mirror or in flight