[pacman-dev] [ Package Signing ] Your signature please
Daniel Mendler
mail at daniel-mendler.de
Sat Feb 19 17:42:18 EST 2011
On 02/19/2011 08:38 PM, Alf Gaida wrote:
> Maybe i have should use a <ironic> tag. Nothing is secure in the end, if
> anyone will do harm, he'll find a security hole. Like this:
> http://www.webhostingtalk.com/showthread.php?t=717240
Exactly, because we cannot reach perfect security, we should not care
about it at all!
> I agree fully with Allan. For me it makes not a big difference if a package is
> signed or not. It's a nice to have feature and i would be glad if someone
> would implement it. But for me it has a very low priority..
It makes a big difference if your system is compromised. And then you
will care about it. I don't understand this naive and short-sighted opinion.
@Allan: I am a bit disappointed with your opinion that you want to
implement only features that you care about. I think there is also a
reponsibility if you are one of the main developers of the package
manager of a popular distribution. And you don't even have to implement
the features yourself - there are people who are willing to help. But
those people should also get some support by you.
Daniel
More information about the pacman-dev
mailing list