From ilug-admin@linux.ie  Tue Oct  8 11:13:35 2002
Return-Path: <ilug-admin@linux.ie>
Delivered-To: zzzz@localhost.example.com
Received: from localhost (jalapeno [127.0.0.1])
	by example.com (Postfix) with ESMTP id 15A8716F16
	for <zzzz@localhost>; Tue,  8 Oct 2002 11:13:35 +0100 (IST)
Received: from jalapeno [127.0.0.1]
	by localhost with IMAP (fetchmail-5.9.0)
	for zzzz@localhost (single-drop); Tue, 08 Oct 2002 11:13:35 +0100 (IST)
Received: from lugh.tuatha.org (postfix@lugh.tuatha.org [194.125.145.45])
    by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g98A7PK10544 for
    <zzzz-ilug@example.com>; Tue, 8 Oct 2002 11:07:26 +0100
Received: from lugh.tuatha.org (localhost [127.0.0.1]) by lugh.tuatha.org
    (Postfix) with ESMTP id 60B92341EE; Tue,  8 Oct 2002 11:08:11 +0100 (IST)
Delivered-To: linux.ie-ilug@localhost
Received: from linuxmafia.com (linuxmafia.COM [198.144.195.186]) by
    lugh.tuatha.org (Postfix) with ESMTP id 877B5341E1 for <ilug@linux.ie>;
    Tue,  8 Oct 2002 11:07:04 +0100 (IST)
Received: from rick by linuxmafia.com with local (Exim 3.36 #1 (Debian))
    id 17yrJU-0001Ph-00 for <ilug@linux.ie>; Tue, 08 Oct 2002 03:10:04 -0700
To: ilug@linux.ie
Subject: Re: [ILUG] packaging risks and the reputation of linux distributions
Message-Id: <20021008100959.GL11235@linuxmafia.com>
References: <200210081058.50438.brendan@zen.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200210081058.50438.brendan@zen.org>
User-Agent: Mutt/1.4i
X-Mas: Bah humbug.
From: Rick Moen <rick@linuxmafia.com>
Sender: ilug-admin@linux.ie
Errors-To: ilug-admin@linux.ie
X-Beenthere: ilug@linux.ie
X-Mailman-Version: 2.0.11
Precedence: bulk
List-Help: <mailto:ilug-request@linux.ie?subject=help>
List-Post: <mailto:ilug@linux.ie>
List-Subscribe: <http://www.linux.ie/mailman/listinfo/ilug>,
    <mailto:ilug-request@linux.ie?subject=subscribe>
List-Id: Irish Linux Users' Group <ilug.linux.ie>
List-Unsubscribe: <http://www.linux.ie/mailman/listinfo/ilug>,
    <mailto:ilug-request@linux.ie?subject=unsubscribe>
List-Archive: <http://www.linux.ie/pipermail/ilug/>
X-Original-Date: Tue, 8 Oct 2002 03:09:59 -0700
Date: Tue, 8 Oct 2002 03:09:59 -0700

Quoting Brendan Kehoe (brendan@zen.org):

> As a workaround, the various distributions could use a GPG singature
> to verify correctness of the file.  Since the distributor's secret key
> is required to create that signature, it would add a pretty
> significant step that would have to be taken to make it possible to
> replace both a rpm or apt file and its accompanying signature.

There are complex problems inherent in attempts to implement this.
http://linuxmafia.com/~rick/linux-info/debian-package-signing

-- 
Cheers,                        My pid is Inigo Montoya.  You kill -9    
Rick Moen                      my parent process.  Prepare to vi.
rick@linuxmafia.com
-- 
Irish Linux Users' Group: ilug@linux.ie
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster@linux.ie