Re: debsigs
Ben Collins <bcollins@debian.org> writes:
> Already solved. Please read all the referenced docs.
I've browsed the policy document in the debsigs package, and here are
my comments:
* This policy is not targeted at Debian as a whole, but at a
company that wishes to add value to Debian packages by
adding certain cryptographically signed attributes to them.
* It is not clear how replay attacks are dealt with
(i.e. a malicious mirror serving an old, vulnerable version of
software). (This might be an error of mine, because I'm not
familiar with the Debian infrastructure.)
* A scenario we might have to deal with in the future is the
following: The maintainer of a hypothetical "relo" package
("remote login") receives a court order to plant a backdoor
in this package. Suppose we notice it, shall we refuse all
signatures of Debian developers from the same jurisdiction?
* Some of the procedures of the document talk about "removing
keys from the keyring", and not about revoking certification
of keys (which would appear to be much more natural). For
the more open Debian infrastructure, we might actually need
Web of Trust support.
* Autobuilders are completely out of the scope of this policy.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898