Re: Crypto signing of packages
Manoj Srivastava <srivasta@datasync.com>:
> I like this proposal better than the old one.
>
> However, I'm not sure about competence or integrity requirements;
> somehow it goes against the grain for someone who is not issuing my
> paycheck.
This is somewhat outside the scope of the technical infrastructure for
certification, but I do think it should be discussed, and the day will
come when we have to turn someone down because we don't trust them.
> If we are going to act and issue key revocations about maintainer
> keys, then we should recommend that maintainers generate a separate
> key for package maintenance, and that key possibly be held in escrow
> at the master key maintenance sites (It should need two out of three
> sites to unlock the key database). The maintainer holds the other copy
> of the secret key. The idea of holding the package-maintainer key in
> escrow also allows us to deal with lost keys.
We do not need key recovery, and an escrow database kept centrally is
a very bad idea from a security point of view. You've been listening
to the NSA too much :-).
If a maintainer loses their key we can revoke our certification of it.
Ian.
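As an added illustration of the model Ian is arguing for (certify the maintainer's public key, revoke the certification when the key is lost, never hold the secret key centrally), here is a self-contained Python sketch. It is not code from the thread or from Debian's tooling; the Project class, the function names and the textbook RSA signing routine (Python stdlib only, 512-bit keys, no padding) are assumptions chosen to keep the example short, and the package contents are constructed.

```python
"""Certify-and-revoke model for maintainer keys (added example, stdlib only).

Assumed: toy textbook RSA as the signature scheme, a Project object that
holds only its OWN secret key plus a table of certifications it has issued.
The maintainer's secret key never leaves the maintainer; losing it is handled
by revoking the project's certification of the matching public key.
"""
import hashlib
import random


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test (enough for a toy key)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Textbook RSA keypair: (public, private). Toy only, not for real use."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0:      # e is prime, so this gives gcd(e, phi) == 1
            break
    d = pow(e, -1, phi)                  # modular inverse (Python >= 3.8)
    return (n, e), (n, d)


def _digest(data):
    # SHA-256 is 256 bits, so it is always smaller than a 512-bit modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    n, d = priv
    return pow(_digest(data), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data)


def fingerprint(pub):
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


class Project:
    """The certifying party. Stores no maintainer secrets, only certifications."""

    def __init__(self):
        self.pub, self._priv = keygen()
        self.certs = {}        # fingerprint -> project signature over the fingerprint
        self.revoked = set()   # fingerprints whose certification was withdrawn

    def certify(self, maintainer_pub):
        fp = fingerprint(maintainer_pub)
        self.certs[fp] = sign(self._priv, f"cert:{fp}".encode())
        return fp

    def revoke(self, fp):
        """Lost or compromised key: withdraw the certification, no escrow needed."""
        self.revoked.add(fp)

    def is_certified(self, maintainer_pub):
        fp = fingerprint(maintainer_pub)
        sig = self.certs.get(fp)
        return (sig is not None and fp not in self.revoked
                and verify(self.pub, f"cert:{fp}".encode(), sig))


def package_trusted(project, maintainer_pub, package, sig):
    """A package is trusted only if the signing key is currently certified
    by the project AND the package signature verifies under that key."""
    return project.is_certified(maintainer_pub) and verify(maintainer_pub, package, sig)
```

The shape matters more than the toy cipher: the project's database contains only public keys and its own signatures over them, so compromising the project's sites yields nothing that can forge a maintainer's packages, and "lost key" becomes a one-line revocation rather than a two-of-three key-recovery ceremony.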