[Secure-testing-team] Broken testing propagation for some packages?
Moritz Muehlenhoff
jmm at inutil.org
Thu Jul 7 09:33:44 UTC 2005
Micah Anderson wrote:
> The most obvious candidate to me is on the alioth
> machine. Although this resource is available, it may cause some security
> concerns for people to have it there, due to the large number of
> people who have access to the box. Perhaps its not an issue?
I don't think that storing it on Alioth for now would be a problem.
If DTSAs have SHA-1 or SHA-256 checksums for the fixed packages and
PGP signatures, compromised binaries would be noticed. Access to
security.d.o is restricted because of embargoed disclosure, which is
not the case for secure-testing.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list