[arch-general] Is Voting Effective?

Taylor Hornby havoc at defuse.ca
Fri Apr 11 19:58:02 EDT 2014


On 04/11/2014 04:27 PM, Daniel Wallace wrote:
> So you're saying... blindly trusting someone else that is unknown
> to build and blindly sign a package is more secure than you
> downloading the pkgbuild with cower or something, looking at the
> PKGBUILD, and then using makepkg...

I'd also argue that not all users know how to do that, and the process
is time-consuming (especially when there are dozens of dependencies), so
it's effectively impossible for a subset of users.

I realize that contradicts the "user-centric not user-friendly" section
of The Arch Way, but if there's any reason something should be allowed
to violate that rule, it's security.

-- 
Taylor Hornby

