Re: Revival of the signed debs discussion

To: debian-devel@lists.debian.org
Subject: Re: Revival of the signed debs discussion
From: Andreas Barth <aba@not.so.argh.org>
Date: Mon, 1 Dec 2003 21:41:29 +0100
Message-id: <[🔎] 20031201204128.GG17282@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org>
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org>

* Goswin von Brederlow (brederlo@informatik.uni-tuebingen.de) [031201 14:40]:
> Instead of keeping extra files with the signature of the deb the
> information could be stored inside the deb itself. Of cause the
> signature can't be contained in the thing being signed. Instead the
> signature would be added to the end or the ar archive and contain
> signatures for all the files (uncompressed?) before it in the archive.
> [...]

In principle I agree with your plan. Just a few suggestions what could
(perhaps?) be also done:

I would like it even more if there would be something along each
package that identifies what was done to the deb-file since creation
(see it as a something like a "passport" or "signature file", where
each entry adds new information to the file).

This would also have the advantage that a system administator could
verify signatures without following who is accepted as a DD, and who
is resigning - without a compromise of the debian server, verifying
any deb with the archive key is enough. If there is however a
suspecion of problems, he could always make stricter checks, without
requiring more infos from the archive. (And of course, any
administrator could also make checks stricter and demand a signature
by a DD plus a signature by the archive script).


More in detail this would mean that after building, the maintainer
signs the md5sums, and a "build this package on <date>".

After accepted by the archive, the archive script adds a line with
something like "accepted by katie on <date> because of good signature
of <Name> <KeyId>" to the top, and signs the whole thing.

This has one major drawback: Either the deb-file must be changed
during acceptance to the archive, or the "passport" must reside in an
extra file. (And there is of course a "mixed mode" possible: Extra
file at the moment, and after sarge is released, the files move within
the deb.)


Technical details should IMHO be discussed later, but a sample
passport could look like:

accepted by katie on Mon,  1 Dec 2003 20:34:58 +0000 because of good signature of DD, KeyID 0x01234567
build by DD on Sun, 30 Nov 2003 14:34:33 +0100
mgetty-voice_1.1.30-6_i386.deb
450b2b4ffa0be49b43f7358099117f7d control.tar.gz
fb00a05d140ec3e830d6227f3fdd743d data.tar.gz


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to:

Follow-Ups:
- Re: Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

Prev by Date: Re: Source only uploads? -- Survey evaluation
Next by Date: Re: XML files referencing DTDs via HTTP
Previous by thread: Re: Revival of the signed debs discussion
Next by thread: Re: Revival of the signed debs discussion
Index(es):
- Date
- Thread