LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

McGee: The real story behind Arch Linux package signing

McGee: The real story behind Arch Linux package signing

Posted Mar 24, 2011 21:14 UTC (Thu) by piggy (subscriber, #18693)
Parent article: McGee: The real story behind Arch Linux package signing

I do feel that LWN has erred, mainly by using a single source with a very evident axe to grind, and by failing to do some of the basic fact checking which Dan McGee mentions in his blog post.

This won't affect my inclination to resubscribe, but I don't think a retraction from LWN would be out of order.

(Log in to post comments)

McGee: The real story behind Arch Linux package signing

Posted Mar 25, 2011 2:29 UTC (Fri) by ewan (subscriber, #5533) [Link]

I think a follow-up is in order, either to correct anything that was misleading, or to back up with references anything that wasn't, and is being claimed to be.

At the moment it just feels like a case of "he said"/"she said" - we could do with a credibly authoritative take.

McGee: The real story behind Arch Linux package signing

Posted Mar 25, 2011 9:57 UTC (Fri) by bo (subscriber, #56215) [Link]

I agree, and it would help restore some my faith in LWN. In my opinion, the original article was far below the quality I have come to expect from LWN.

McGee: The real story behind Arch Linux package signing

Posted Mar 25, 2011 16:17 UTC (Fri) by vonbrand (subscriber, #4458) [Link]

"Very evident axe to grind"? I don't see any "axe grinding" going on; this is an extremely serious security problem for Arch users, that just isn't being addressed by the distribution, as pointed out by LWN. Sure, the original complainant doesn't come across as exactly the most handsome and sharp messenger, but the message stands regardless.

McGee: The real story behind Arch Linux package signing

Posted Mar 25, 2011 16:31 UTC (Fri) by vonbrand (subscriber, #4458) [Link]

So it is now out of line to comment that on $MAILLIST there is a flamefest, and summarize the positions stated there... Or perhaps the crime is to hint that the problem being discussed is serious and isn't handled by $POWERS_THAT_BE?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds