User: Password:
|
|
Subscribe / Log in / New account

Arch Linux and (the lack of) package signing

Arch Linux and (the lack of) package signing

Posted Mar 24, 2011 20:28 UTC (Thu) by BradReed (subscriber, #5917)
In reply to: Arch Linux and (the lack of) package signing by smurf
Parent article: Arch Linux and (the lack of) package signing

You may want to hear the opposing side of the story:

http://www.toofishes.net/blog/real-story-behind-arch-linu...


(Log in to post comments)

Arch Linux and (the lack of) package signing

Posted Mar 24, 2011 22:09 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

Dan McGee's explanation doesn't cover the censorship, except to mention in passing that it happened and calling the triggering post a "rant that looked more like a blog post." IgnorantGuru says that he was told the problem was that the post was "trolling." I read it, and I don't think this moderator knows what the word means. IgnorantGuru also says the moderator said he was warned multiple times, but he doesn't remember being warned.

McGee makes a good case that IgnorantGuru's criticism was unfair, but I'm still troubled by the silencing of it.

McGee's blog post, by the way, shows him to be hypersensitive and highly defensive with respect to the LWN article. The LWN article is unbalanced, but not dishonest. As a neutral reader, I was aware throughout that I was seeing a report of IgnorantGuru's beliefs. The article's wording is careful enough that it is in fact consistent with McGee's version.

Arch Linux and (the lack of) package signing

Posted Mar 25, 2011 9:44 UTC (Fri) by BradReed (subscriber, #5917) [Link]

I fully agree with what you said. I know nothing about this first-hand, and have never even tried Arch Linux. I just saw McGee's post on reddit and thought it might be worthwhile to link to it here. It definitely expressed a different view on things.

The truth is probably somewhere in the middle.

Arch Linux and (the lack of) package signing

Posted Mar 24, 2011 23:51 UTC (Thu) by IgnorantGuru (guest, #73857) [Link]

Below is my brief reply to Dan McGee. I posted this on his blog but given the Arch way of doing things, he'll probably just delete it. I notice Arch devs are now attacking LWN and trying to get them to delete their story. What's with these guys? This has been their approach to this issue for years - silence it. I still see no indication that their users' security is of any importance to them. Just ego.

LWN should be applauded for taking the heat for bringing this issue forward with integrity, and not buying the spent Arch dev arguments that no one has been willing to contribute. That is false - I have also heard privately from many devs who told me they also tried to get things done and hit the same brick wall. And I have been thanked by many Arch users for making them aware of this issue. LWN has their priorities right - they are informing their readers of a serious security problem. Silence and censorship is not the solution. Don't shoot the messenger.

As for package signing being 'almost done' - we'll see. They said this in 2008.

My reply to Dan McGee:
http://igurublog.wordpress.com/2011/03/24/lwn-picks-up-on...

Arch Linux and (the lack of) package signing

Posted Mar 25, 2011 0:19 UTC (Fri) by wonder (guest, #64293) [Link]

> Below is my brief reply to Dan McGee. I posted this on his blog but given > the Arch way of doing things, he'll probably just delete it

Look who's talking. the guy who deliberate block Allan's comments on his blog.

Dan would never do that.

Arch Linux and (the lack of) package signing

Posted Mar 25, 2011 2:46 UTC (Fri) by IgnorantGuru (guest, #73857) [Link]

Due to your curious message, I just found one of Allan's comments in the spam folder - he used so many links Wordpress nailed it as spam. I will restore it. He never informed me of the missing comment, and this is the first time the spam filter has ever nailed a legit comment. My apologies. I do not edit or delete reader's comments.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds