[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: digital signatures for kde sources?
From: Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date: 2010-05-26 0:52:45
Message-ID: 4BFC70DD.7040607 () invisiblethingslab ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On 05/26/2010 02:37 AM, Brad Hards wrote:
>> Security of any system should be build on strong foundations --
>> otherwise it all doesn't make any sense.
> This logic is basically one about putting an extra padlock on the front door,
> when there is no back wall. There are 2395 svn accounts that can write to the
> repository, which is probably a much easier (i.e. more likely) place to
> introduce untrustworthy code than the package tarballs.
>
Are you saying there is absolutely no control of what code goes into
official tarballs?
j.
["signature.asc" (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic