The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with reformatting package announcements

Bill Mitchell writes ("Re: Problem with reformatting package announcements"):
...
> 1.  The pgp-signed changes file is uploaded with the packages (or,
>     possibly, emailed separately to a distribution maintenance address
>     after package file upload).
...
> I don't know about pgp signing of the public announcements.  If that's
> deemed appropriate, I presume that they'd be signed by the debian
> distribution maintainer, since he's sufficiently satisfied by having
> verified the changes file signature to stand behind its pedegree.
> I also presume that they'd be signed by a psuedo-person (e.g.,
> "Debian Distribution Maintainer <debian_dist_maintainer@debian.org>"
> instead of being signed with the true identity of whoever the
> current distribution maintainer happens to be (this, of course,
> to prevent the need for lots of housekeeping when the distribution
> maintainer seat changes occupants.

I disagree.  It is bad cryptographic practice to check a signature and
then to remove it and then apply your own.

It is better to provide the recipient with more information by
supplying them with the package maintainer's signature.

Ian.