Web lists-archives.com

Re: Q: Where is keyring packaging guideline?




Hello,

On Fri 24 Aug 2018 at 11:54PM +0300, Adrian Bunk wrote:

> How will Debian provide and maintain such trust paths in stable?
>
> If we ship it in a stable release, it is Debian that provides some
> initial level of trust.
>
> So far Debian has completely failed on properly vetting and
> DSA-maintaining 3rd party keys in Debian releases.

Yes, these packages are much more useful in unstable and arguably
harmful in stable, unfortunately.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature