by jancsika 2703 days ago
> It's instructive to see how much more careful they were about it.

"Much more careful" would have been a requirement to consult upstream on all patches that are beyond the maintainer's level of expertise. Especially so for all patches that potentially affect the functioning of cryptographic libraries.

Debian has had a catastrophe to show the need for such a guideline. Do they currently have such a guideline?

If not, it's difficult to see the key parties as little more than security theatre.

Edit: clarification