Re: Bits from the CD team: plans for debian-cd v3.0
On Fri, Jul 15, 2005 at 06:36:19AM -0500, Charles Steinkuehler wrote:
>Steve McIntyre wrote:
>| People were a little less worried about security then, and the normal
>| Debian base system did not support the security stuff we now have. I'd
>| be curious to see if the balance of opinion has shifted the other way
>| by now.
>Um...maybe I'm dense, but everyone seems to be talking like there would only
>be one trusted key (apparently compiled into apt) which is what makes custom
>CDs a problem.
>What's wrong with having a configurable set of trusted keys? Then users
>could choose to trust official debian CDs/packages, stuff from their
>favorite back-ports webiste, or whatever.
You've missed the original message in the thread:
Similarly to the current apt code, if the Release file on the CD
is not signed with a known-good key then the user should be
presented with a message checking that they want to trust the
CD. Customised CDs could contain new keys, then apt would ask the
user to verify the fingerprint before adding it to the trusted
The default "official" CD key should be added to the default list in
apt, then users will be prompted if they want to trust any new keys
that are found on the CD they're using.
Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
"Further comment on how I feel about IBM will appear once I've worked out
whether they're being malicious or incompetent. Capital letters are forecast."
Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html