Below is my brief reply to Dan McGee. I posted this on his blog but given the Arch way of doing things, he'll probably just delete it. I notice Arch devs are now attacking LWN and trying to get them to delete their story. What's with these guys? This has been their approach to this issue for years - silence it. I still see no indication that their users' security is of any importance to them. Just ego.
LWN should be applauded for taking the heat for bringing this issue forward with integrity, and not buying the spent Arch dev arguments that no one has been willing to contribute. That is false - I have also heard privately from many devs who told me they also tried to get things done and hit the same brick wall. And I have been thanked by many Arch users for making them aware of this issue. LWN has their priorities right - they are informing their readers of a serious security problem. Silence and censorship are not the solution. Don't shoot the messenger.
As for package signing being 'almost done' - we'll see. They said this in 2008.
Posted Mar 25, 2011 0:19 UTC (Fri) by wonder (guest, #64293)
> Below is my brief reply to Dan McGee. I posted this on his blog but given
> the Arch way of doing things, he'll probably just delete it
Look who's talking. The guy who deliberately blocks Allan's comments on his blog.
Dan would never do that.
Arch Linux and (the lack of) package signing
Posted Mar 25, 2011 2:46 UTC (Fri) by IgnorantGuru (guest, #73857)
Due to your curious message, I just found one of Allan's comments in the spam folder - he used so many links WordPress nailed it as spam. I will restore it. He never informed me of the missing comment, and this is the first time the spam filter has ever nailed a legit comment. My apologies. I do not edit or delete readers' comments.