| |||||||||||||
Fedora and DebianFedora and DebianPosted Apr 9, 2004 15:18 UTC (Fri) by hazelsct (guest, #3659)In reply to: Fedora and Debian by tarvin Parent article: Which is the best distribution? Package signatures are not practical in a distributed project like Debian: they would require that all users get the entire Debian maintainer keyring in order to verify packages. The system of checksums and signed Release files is equally secure, though as you say, not "easy" (yet).
(Log in to post comments)
Fedora and Debian Posted Apr 9, 2004 21:48 UTC (Fri) by EricBackus (guest, #2816) [Link] > Package signatures are not practical in a distributed> project like Debian: they would require that all users > get the entire Debian maintainer keyring in order to > verify packages. First of all, if Debian were so inclined, it could make it easy to get and verify the entire Debian maintainer keyring. Second of all, the right solution would probably involve having a Debian Signer person (or group of people?) that signs packages, so end users need only verify against that one signature. The Debian Signer would of course have to be able to verify signatures from any Debian maintainer. Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all.
Fedora and Debian Posted Apr 15, 2004 17:24 UTC (Thu) by coolian (guest, #14818) [Link] "Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all."That is the most retarded conclusion I have ever heard. Maybe you should get a blood test done and see if you have a 23rd chromosome issue.
|
|||||||||||||