[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: digital signatures for kde sources?
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2010-05-26 0:52:45
Message-ID: 4BFC70DD.7040607 () invisiblethingslab ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On 05/26/2010 02:37 AM, Brad Hards wrote:
>> Security of any system should be build on strong foundations --
>> otherwise it all doesn't make any sense.
> This logic is basically one about putting an extra padlock on the front door, 
> when there is no back wall. There are 2395 svn accounts that can write to the 
> repository, which is probably a much easier (i.e. more likely) place to 
> introduce untrustworthy code than the package tarballs.
> 
Are you saying there is absolutely no control of what code goes into
official tarballs?

j.


["signature.asc" (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


[prev in list] [next in list] [prev in thread] [next in thread]