On Fri, 2015-02-06 at 20:23 -0500, Samuel Bronson wrote:
> Ben Hutchings <b...@decadent.org.uk> writes:
>
> > It is true that this package cannot be auto-built, but it does not
> > need to be. This is explained in debian/README.source.
>
> That explains *how* to build it by hand, certainly.
>
> But of what use is the signature if the package can just install
> whatever public key anyway?

It is obvious that software regulation can be defeated, and you and I can think of several ways to get around the signature check. But I don't think this is a reason to make the key management any more automatic. We need to allow any developer to update this package for legitimate reasons, without providing users a simple way to disable regulation (which could open up Debian and/or its distributors to legal liability). I believe that the current packaging achieves that.

[...]

> (Also, the crda(8) manpage on wheezy claims that it will only use
> databases signed by John Linville. If that's not so, shouldn't the
> manpage be fixed?)

It should.

Ben.

-- 
Ben Hutchings
The first rule of tautology club is the first rule of tautology club.