On Sun, Sep 01, 2013 at 12:36:59PM +0200, Florian Weimer wrote:
How so? The code that performs the signature check (or reports the failure) relies on bits that we (Debian) ship. It's impossible to bootstrap trust, unless you already trust Debian.
There's no such thing as perfect security, only a series of tradeoffs. I'm honestly not familiar with the exact circumstances, but I'm assuming that the signature in question is validated via the jvm CA trust path. Is there an alternative way to sign a java applet in a debian autobuilder with a trusted key? You can obviously argue whether that's a useful property, but if you're a user who wants to be able to follow a consistent process between the debian version and other versions it's certainly nicer for it to "just work" rather than getting an explanation of why the debian way is better and what the user is trying to do doesn't make sense.
Mike Stone
Attachment:
signature.asc
Description: Digital signature