The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with reformatting package announcements



On Thu, 14 Mar 1996, Ian Jackson wrote:

> Bill Mitchell writes ("Re: Problem with reformatting package announcements"):
> ...
> > 1.  The pgp-signed changes file is uploaded with the packages (or,
> >     possibly, emailed separately to a distribution maintenance address
> >     after package file upload).
> ...
> > I don't know about pgp signing of the public announcements.  If that's
> > deemed appropriate, I presume that they'd be signed by the debian
> > distribution maintainer, since he's sufficiently satisfied by having
> > verified the changes file signature to stand behind its pedegree.
[...] 
> I disagree.  It is bad cryptographic practice to check a signature and
> then to remove it and then apply your own.
> 
> It is better to provide the recipient with more information by
> supplying them with the package maintainer's signature.

I don't claim any special expertise in cryptographic practices.  It's
my understanding from email discussions with Bruce P. that the package
announcements from the distribution site wouldn't be verbatim requoting
of the changes file, but something intended for better human readability
(e.g., with the Files section reformatted, and probably other changes).
In any case, it'd be something for the distribution maintainer to decide.