Re: Revocation list for old packages with security holes

"Julian Mehnle" <[EMAIL PROTECTED]> writes: > Goswin von Brederlow wrote: > > "Julian Mehnle" <[EMAIL PROTECTED]> writes: > > > We could use a revocation list where signatures of packages with > > > known security holes are listed as being revoked. Of course, you'd > > > need to be online to chec

RE: Revocation list for old packages with security holes

Goswin von Brederlow wrote: > "Julian Mehnle" <[EMAIL PROTECTED]> writes: > > We could use a revocation list where signatures of packages with > > known security holes are listed as being revoked. Of course, you'd > > need to be online to check it when installing/updating packages. > > And the rev

Re: Revocation list for old packages with security holes (was: Re: Revival of the signed debs discussion)

* Julian Mehnle ([EMAIL PROTECTED]) [031210 13:40]: > Joey Hess <[EMAIL PROTECTED]> wrote: > > Goswin von Brederlow wrote: > > > What can we do with deb signatures? > > > > > > For our current problem, the integrity of the debian archive being > > > questioned, the procedure would be easy and avail

Re: Revocation list for old packages with security holes (was: Re: Revival of the signed debs discussion)

"Julian Mehnle" <[EMAIL PROTECTED]> writes: > Joey Hess <[EMAIL PROTECTED]> wrote: > > Goswin von Brederlow wrote: > > > What can we do with deb signatures? > > > > > > For our current problem, the integrity of the debian archive being > > > questioned, the procedure would be easy and available to

Revocation list for old packages with security holes (was: Re: Revival of the signed debs discussion)

Joey Hess <[EMAIL PROTECTED]> wrote: > Goswin von Brederlow wrote: > > What can we do with deb signatures? > > > > For our current problem, the integrity of the debian archive being > > questioned, the procedure would be easy and available to every user: > > > > 1. get any clean Debian keyring (or