Re: Bits from the CD team: plans for debian-cd v3.0

Steve McIntyre wrote:

| On Fri, Jul 15, 2005 at 10:41:22AM +1200, Philip Charles wrote:
|>On Thu, 14 Jul 2005, Steve McIntyre wrote:
|>> Yes, this is a thorny area. I'm a little concerned - if we've gone to
|>> all the effort of adding signatures to the main archive, then it does
|>> seem to be ducking the problem to just trust all CDs. Allowing CDDs
|>> and redistributors to add new signatures as well should boost the
|>> security of the whole chain to the end user, too.
|>> Maybe I'm being paranoid, but it wouldn't be too hard to get a lot of
|>> users to blindly install bad packages (e.g. from a trojanned cover
|>> disc).
|>There was a similar argument some years back.  On one side there were
|>customizable CDs, the other a rock solid security chain.  What emerged
|>from the discussion was that a surprising number of people produced their
|>own disc sets for a variety of reasons.  So customisable disc sets won
|>out.  I would imagine that this would still be the situation today.
| People were a little less worried about security then, and the normal
| Debian base system did not support the security stuff we now have. I'd
| be curious to see if the balance of opinion has shifted the other way
| by now.

Um...maybe I'm dense, but everyone seems to be talking like there would only
be one trusted key (apparently compiled into apt) which is what makes custom
CDs a problem.

What's wrong with having a configurable set of trusted keys?  Then users
could choose to trust official debian CDs/packages, stuff from their
favorite back-ports website, or whatever.

Charles Steinkuehler
