On Wed, Jun 29, 2022 at 1:46 PM Ravi Dwivedi wrote:
> Since the below mentioned analysis of Debian's security, and that too
> compared to other distros, is not very well-known outside of Debian
> project
honestly i don't believe it's even widely known *in* the debian project
[quite how damn good
Since the below mentioned analysis of Debian's security, and that too
compared to other distros, is not very well-known outside of Debian
> project (it didn't come up in any internet searches, the web of trust
> gets mentioned but there is not much explanation on it), I suggest
> writing in somewhere
On Mon, May 23, 2022 at 7:59 PM Adam McKenna wrote:
> You are talking about a deterrent though. I think the question is,
> what if someone cares more about their political cause than
> retaining their uploader access?
they get one and only one chance to do something that stupid.
> What if someo
> they get one and only one chance to do something that stupid.
So the answer is that we have no way of preventing a developer from
intentionally sabotaging a package in any / as many ways as they choose and
the only risk to them is losing their uploader access after the fact?
> the response is sw
> anyone stupid enough to abuse their position may only do so once, at
> which point their GPG key is revoked.
You are talking about a deterrent though. I think the question is, what if
someone cares more about their political cause than retaining their
uploader access?
What if someone's keys are
On Mon, May 23, 2022 at 07:22:40PM +0100, lkcl wrote:
> > > i believe the answer is in the question. debian is based on distributed
> > > trust. i did the analysis (took 3 weeks): it is literally the only
> > > distro in the world with an inviolate chain of trust from a large keyring
> > > dati
On Mon, May 23, 2022 at 6:28 PM Adam McKenna wrote:
>
> > i believe the answer is in the question. debian is based on distributed
> > trust. i did the analysis (took 3 weeks): it is literally the only distro
> > in the world with an inviolate chain of trust from a large keyring dating
> > back
> i believe the answer is in the question. debian is based on distributed
trust. i did the analysis (took 3 weeks): it is literally the only distro
in the world with an inviolate chain of trust from a large keyring dating
back 20 years that is itself GPG-signed as a package, with a package
distrib
> Do you have a publication of that analysis? I was thinking the same
> about the organization of Debian for some time but never did analysis
> or compared it to other distros.
i found it here http://lkcl.net/reports/wot/ it's dated 2017 (not a bad
guess, 4 years). please bear in mind, the primary
> i did the analysis (took 3 weeks)
Do you have a publication of that analysis? I was thinking the same
about the organization of Debian for some time but never did analysis
or compared it to other distros.
Also I like to add that reproducible builds are an excellent addition
to the mechanisms yo
Oh
On Mon, 18 Apr 2022, 00:00 Daniel Pocock, wrote:
>
> On 17/04/2022 19:26, Satvik Sinha wrote:
> > Hi, guys and Good Day! So in recent days, it was observed that many open
> > source contributors vandalised their or someone else's project's
> > reputation to show agendas of Russia-Ukraine war,
On 17/04/2022 19:26, Satvik Sinha wrote:
> abusing your OS's reputation?
i believe the answer is in the question. debian is based on distributed trust.
i did the analysis (took 3 weeks): it is literally the only distro in the world
with an inviolate chain of trust from a large keyring datin
On 17/04/2022 19:26, Satvik Sinha wrote:
> Hi, guys and Good Day! So in recent days, it was observed that many open
> source contributors vandalised their or someone else's project's
> reputation to show agendas of Russia-Ukraine war, Some even vandalised
> their project to destroy system in Russ