Re: Packages and signatures
On Sat, Jan 27, 2001 at 03:55:29AM -0300, Nicolás Lichtmaier wrote:
> > > The impact of a key is larger (good or bad) because it can be verified AFTER
> > > the files LEFT ftp-master. (And all of them leave FTP-MASTER before the
> > > ARRIVE at the user).
> >
> > And it affects all packages instead of a strict subset.
>
> Compromising dinstall code compromises all packages, not a strict subset.
No, it only affects packages currently on Debian mirrors, and once the
compromise is fixed, things return to normal. If a trusted key were stolen, it
could be used to sign packages and distribute them anywhere, and it is much
harder to revoke a key from every Debian system than to repair a single system
intrusion.
Also, once the key is revoked, older packages (e.g., from previous releases)
signed by that key can no longer be verified.
--
- mdz
Reply to: