Re: RFC: Proposal for signed packages




On 12 Feb 1997, Christian Leutloff wrote:

> > - One Debian developer should be chosen to sign with that key every
> > new release of a package. (Perhaps Guy Maor, via his dinstall script?).
> 
> This requires an automated procedure. Guy can't check all packages
> manually. So it's possible to get a trojan signed by Guy or the
> Debian project. It's really bad for Debian to officially sign a
> trojan!! So it's better to get all packages signed by persons
> individually. In the cases where it isn't possible there can be
> someone signing for another developer.
> 
> Please, don't do (mostly) automated signing!!
> 

Surely not! Automated signing is the best way to authenticate a Trojan 
horse! Instead, sign the md5sums of all packages. That's only to 
ensure that everything looks OK.

I'll make my old proposal again, which never got a reply (no pros, no cons) 
but which I still think is a good idea:
3 distributions:

	1 unstable, where incoming packages go.
	1 frozen, where well-known stable packages go
	1 stable, where stable *and* secure signed packages go

Releases will be made from frozen to stable. Developers always send new 
packages to unstable and must send a request to the test board for 
upgrading to frozen. The changes file will help against this decision.

Why have an unstable and a permanent frozen? To avoid bugs introduced by 
upstream versions, newbie maintainers (like me) and unstable releases. 
Often, we just can't know how many bugs we have and how much time it will 
take to solve them.

I would like some replies because my English is still in alpha and I can 
make mistakes. Thanks!


- ---------------------------------------------------------------
 Little Billy goes to the zoo:
   "Looks mom! An elephant like those on the Web!"
- ---------------------------------------------------------------
Fabien Ninoles aka le Veneur aka le Corbeau     
E-mail: fab@tzone.org
WebPage: http://www-edu.gel.usherb.ca/ninf01 
Finger me for my pgp key (finger ninf01@gel.usherb.ca)
fingerprint =  1C C1 4F A6 EE E5 4D 99  4F 80 2D 2D 1F 85 C1 70 
- ---------------------------------------------------------------
