[CentOS-devel] why provide debuginfo
Charlie Brady
charlieb-centos-devel at budge.apana.org.auFri Apr 10 16:10:41 UTC 2009
- Previous message: [CentOS-devel] why provide debuginfo
- Next message: [CentOS-devel] why provide debuginfo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 10 Apr 2009, Pär Andersson wrote: > Karanbir Singh wrote: >> Change which part ? signing them or automating something ? The reason >> debuginfo's are not signed is that bringing them into a securebox for >> the signing process and pushing them out again easily triples the time >> factor. > > Personally I would rather wait even longer if that meant signed > packages. Of course it would not be an ideal solution, but I think the > security risk of installing unsigned packages is much worse than the > inconvenience of waiting. It's not obvious to me what the attack vector would be with unsigned debuginfo packages...
- Previous message: [CentOS-devel] why provide debuginfo
- Next message: [CentOS-devel] why provide debuginfo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list