| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Fedora and Debian
Fedora and Debian
Posted Apr 9, 2004 21:48 UTC (Fri) by EricBackus (guest, #2816)In reply to: Fedora and Debian by hazelsct
Parent article: Which is the best distribution?
> Package signatures are not practical in a distributed
> project like Debian: they would require that all users
> get the entire Debian maintainer keyring in order to
> verify packages.
First of all, if Debian were so inclined, it could make it easy to get and verify the entire Debian maintainer keyring.
Second of all, the right solution would probably involve having a Debian Signer person (or group of people?) that signs packages, so end users need only verify against that one signature. The Debian Signer would of course have to be able to verify signatures from any Debian maintainer.
Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all.
(Log in to post comments)
Fedora and Debian
Posted Apr 15, 2004 17:24 UTC (Thu) by coolian (guest, #14818) [Link]
"Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all."That is the most retarded conclusion I have ever heard. Maybe you should get a blood test done and see if you have a 23rd chromosome issue.