The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is it time to abandon Dpkg?



WRT MD5 checksums, PGP signatures, &c.:

There is room in the package format for this, and it can be introduced
without breaking backwards compatibility - old dpkg's will be able to
install checksummed or signed packages with no problem.

There are even several ways of doing it :-).

There are two real reasons why we don't have signatures:
 * What do we do about key certification ?  With 100-200 developers
   and distributed management key loss and revocation is going to be a
   serious issue.  We're going to have to be able to revoke an
   individual package !
 * Lack of implementation effort.

The reasons we don't yet have checksums of packages is basically lack
of effort.

When I get time to work on dpkg the new dselect interface will be my
top priority, unless someone else has got there first.

Ian.


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com