Groups | Search | Server Info | Login | Register

Groups > linux.debian.vote > #4801

Re: Summary of the current state of the tag2upload discussion

Path csiph.com!pasdenom.info!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!news.servidellagleba.it!bofh.it!news.nic.it!robomod
From Scott Kitterman <debian@kitterman.com>
Newsgroups linux.debian.vote
Subject Re: Summary of the current state of the tag2upload discussion
Date Mon, 24 Jun 2024 21:10:01 +0200
Message-ID <ISXeF-5iCQ-3@gated-at.bofh.it> (permalink)
References <IRUVz-4BnQ-1@gated-at.bofh.it> <ISxkd-50l0-9@gated-at.bofh.it> <ISxDz-50u8-11@gated-at.bofh.it> <ISy6B-50Wi-1@gated-at.bofh.it> <ISTb3-5fa1-1@gated-at.bofh.it> <ISTXr-5fL4-9@gated-at.bofh.it> <ISWLD-5iau-11@gated-at.bofh.it>
X-Original-To debian-vote@lists.debian.org
X-Mailbox-Line From debian-vote-request@lists.debian.org Mon Jun 24 19:03:12 2024
Old-Return-Path <debian@kitterman.com>
X-Amavis-Spam-Status No, score=-7.717 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GMAIL=1, LDO_WHITELIST=-5, RCVD_IN_DNSWL_MED=-2.3, RDNS_NONE=0.793, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
X-Policyd-Weight using cached result; rate: -5.5
MIME-Version 1.0
Content-Type text/plain; charset=utf-8
Content-Transfer-Encoding quoted-printable
X-Mailing-List <debian-vote@lists.debian.org> archive/latest/25443
List-ID <debian-vote.lists.debian.org>
List-URL <https://lists.debian.org/debian-vote/>
List-Archive https://lists.debian.org/msgid-search/6615A5F7-1668-4DA7-8224-DFEA5338262D@kitterman.com
Approved robomod@news.nic.it
Lines 26
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Mon, 24 Jun 2024 19:02:13 +0000
X-Original-Message-ID <6615A5F7-1668-4DA7-8224-DFEA5338262D@kitterman.com>
X-Original-References <87le2yj5mt.fsf@hope.eyrie.org> <25283742.vu2YLSoAXn@zini-1880> <87sex3u0jw.fsf@hope.eyrie.org> <3094043.Ou6EI2NGLR@zini-1880> <CABpYwDVtAjLO3O0J3Ou0Z6bu3vnJyA7GgatW71bb5HhG3Szdow@mail.gmail.com> <B6FC8C81-8D5A-4BFC-B4A0-8A330B7718A1@kitterman.com> <CABpYwDWTrT5ZwH_vYnd_rRp7qn0iWg+ztQxYM5bjKawnDXKgbA@mail.gmail.com>
Xref csiph.com linux.debian.vote:4801

Show key headers only | View raw

Do you have any examples of problems that this would have avoided (xz-utils isn't one - due to the way it's releases are done, it wouldn't be suitable for tag2upload)?

Scott K

On June 24, 2024 6:36:59 PM UTC, Aigars Mahinovs <aigarius@gmail.com> wrote:
>Signing something that you did not write and something that you don't read
>is a bad security practice that exposes you to various attacks.
>
>Just because we have been doing this poor security practice for a long time
>does not make it better. Now better methods are possible and we shouldn't
>prevent them from being used just because we are used to the weaker
>approach.
>
>On Mon, 24 Jun 2024, 18:34 Scott Kitterman, <debian@kitterman.com> wrote:
>
>>
>> None of that changes the fact that it's what they signed.  Historically,
>> the project has found that useful and I think it still is.

Back to linux.debian.vote | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-22 00:30 +0200
  Re: Summary of the current state of the tag2upload discussion Soren Stoutner <soren@debian.org> - 2024-06-22 07:40 +0200
    Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-22 15:50 +0200
  Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-22 15:40 +0200
  Re: Summary of the current state of the tag2upload discussion Micha Lenk <micha@debian.org> - 2024-06-22 22:20 +0200
    Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 04:50 +0200
      Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-23 10:40 +0200
        Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 16:50 +0200
          Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 17:30 +0200
            Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 17:50 +0200
              Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 18:20 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 20:00 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Mathias Behrle <mbehrle@debian.org> - 2024-06-23 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Marco d'Itri <md@Linux.IT> - 2024-06-24 03:30 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-24 10:20 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 16:50 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 17:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-24 19:10 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 09:10 +0200
                Re: Summary of the current state of the tag2upload discussion Simon McVittie <smcv@debian.org> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-25 12:20 +0200
                Re: Summary of the current state of the tag2upload discussion Bart Martens <bartm@debian.org> - 2024-06-25 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 20:40 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 21:10 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 21:50 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 22:10 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 23:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 18:00 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 19:20 +0200
                Re: Summary of the current state of the tag2upload discussion Didier 'OdyX' Raboud <odyx@debian.org> - 2024-06-26 11:20 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 19:40 +0200
                Re: Summary of the current state of the tag2upload discussion Bdale Garbee <bdale@gag.com> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 20:20 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-25 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Philip Hands <phil@hands.com> - 2024-06-25 22:20 +0200
                Re: Summary of the current state of the tag2upload discussion Didier 'OdyX' Raboud <odyx@debian.org> - 2024-06-26 11:20 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-26 06:30 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-26 07:30 +0200
                Re: Summary of the current state of the tag2upload discussion Philip Hands <phil@hands.com> - 2024-06-25 11:10 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-25 14:30 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-24 18:20 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 02:20 +0200
                Re: Summary of the current state of the tag2upload discussion Brian May <bam@debian.org> - 2024-06-25 03:00 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-25 06:30 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1 more messages] Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion [and  1 more messages] Ansgar 🙀 <ansgar@43-1.org> - 2024-06-30 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Aigars Mahinovs <aigarius@debian.org> - 2024-06-30 22:00 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Simon Richter <sjr@debian.org> - 2024-07-01 06:20 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Andrey Rakhmatullin <wrar@debian.org> - 2024-07-01 08:00 +0200
                Re: Summary of the current state of the tag2upload discussion [and  1 more messages] Ansgar 🙀 <ansgar@43-1.org> - 2024-07-01 08:10 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 08:10 +0200
                Re: Summary of the current state of the tag2upload discussion Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-25 23:20 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-26 11:10 +0200
                Re: Summary of the current state of the tag2upload discussion Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-28 07:40 +0200
                Re: Summary of the current state of the tag2upload discussion Guillem Jover <guillem@debian.org> - 2024-06-26 04:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 09:10 +0200
                Re: Summary of the current state of the tag2upload discussion Sam Hartman <hartmans@debian.org> - 2024-06-26 14:20 +0200
                Re: Summary of the current state of the tag2upload discussion Jun MO <royclark086@gmail.com> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Andrey Rakhmatullin <wrar@debian.org> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 21:10 +0200
                Re: Summary of the current state of the tag2upload discussion Soren Stoutner <soren@debian.org> - 2024-06-28 04:50 +0200
                Re: Summary of the current state of the tag2upload discussion Sam Hartman <hartmans@debian.org> - 2024-06-26 05:00 +0200
    Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-23 20:40 +0200
      Re: Summary of the current state of the tag2upload discussion Micha Lenk <micha@debian.org> - 2024-06-23 21:20 +0200
        Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-24 11:40 +0200
        Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-24 14:40 +0200

csiph-web