[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsigs

On Wed, 27 Mar 2002, Florian Weimer wrote:
>         * This policy is not targeted at Debian as a whole, but at a
>           company that wishes to add value to Debian packages by
>           adding certain cryptographically signed attributes to them.

Post-woody Debian will just pretend to be made by the 'Debian' company, I
suppose.

>         * It is not clearly how replay attacks are dealt with
>           (i.e. malicious mirror serving old, vulnerable version of
>           software).  (This might an error of mine, because I'm not
>           familiar with the Debian infrastructure.)

This will not be addressed by debsigs, but rather by apt and signed
releases.  apt will know about signed collections of packages (which may be
individually signed as well). This is orthogonal to debsigs.

>         * A scenario we might have to deal with in the future is the
>           following: The maintainer of a hypothetical "relo" package
>           ("remote login") receives a court order to plant a backdoor
>           in this package. Suppose we notice it, shall we refuse all
>           signatures of Debian developers from the same jurisdiction?

Ugh. We shall walk over that bridge when we reach it, I suppose.

>         * Some of the procedure of the document talk about "removing
>           keys from the keyring", and not about revoking certification
>           of keys (which would appear to be much more natural).  For

We do not revoke keys because they are not invalid. We do not revoke the
signatures on UIDs mentioning @debian.org, because that would cause a lot of
trouble for the person to come back to the Debian project, I think. One
cannot revoke a revocation certificate, AFAIK...

However, I do agree that, once one leaves the project, we should attempt to
make sure nobody reuses his user id (to avoid a foo@debian.org colision).

Someone is trusted by the project if, and only if, he has a non-revoked key
in the Debian keyring. Removing a key from the Debian keyring effectively
removes all privileges that key has as far as Debian is concerned.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: