Re: Bits from the CD team: plans for debian-cd v3.0
Steve McIntyre wrote:
| On Fri, Jul 15, 2005 at 10:41:22AM +1200, Philip Charles wrote:
|>On Thu, 14 Jul 2005, Steve McIntyre wrote:
|>> Yes, this is a thorny area. I'm a little concerned - if we've gone to
|>> all the effort of adding signatures to the main archive, then it does
|>> seem to be ducking the problem to just trust all CDs. Allowing CDDs
|>> and redistributors to add new signatures as well should boost the
|>> security of the whole chain to the end user, too.
|>> Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
|>> users to blindly install bad packages (e.g. from a trojanned cover
|>There was a similar argument some years back. On one side there were
|>customizable CDs, the other a rock solid security chain. What emerged
|>from the discussion was that a surprising number of people produced their
|>own disc sets for a variety of reasons. So customisable disc sets won
|>out. I would imagine that this would still be the situation today.
| People were a little less worried about security then, and the normal
| Debian base system did not support the security stuff we now have. I'd
| be curious to see if the balance of opinion has shifted the other way
| by now.
Um...maybe I'm dense, but everyone seems to be talking like there would only
be one trusted key (apparently compiled into apt) which is what makes custom
CDs a problem.
What's wrong with having a configurable set of trusted keys? Then users
could choose to trust official Debian CDs/packages, stuff from their
favorite back-ports website, or whatever.