[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto signing of packages

Manoj Srivastava <srivasta@datasync.com>:
> I like this proposal better than the old one. 
> However; I'm not sure about competence or integrity requirements;
> some how it goes against the grain for someone who is not issuing my
> paycheck. 

This is somewhat outside the scope of the technical infrastructure for
certification, but I do think it should be discussed, and the day will
come when we have to turn someone down because we don't trust them.

> If we are going to act  and issue key revocations about maintainer
> keys, then we should recommend that maintainers generate a separate
> key for package maintainence, and that key possibly be held in escrow
> at the master key maintenance sites (It should need two out of three
> sites to unlock the key database). The maintainer hols the other copy
> of the secret key. The idea of holding the package-maintainer key in
> escrow also allows us to deal with lost keys.

We do not need key recovery, and an escrow database kept centrally is
a very bad idea from a security point of view.  You've been listening
to the NSA too much :-).

If a maintainer loses their key we can revoke our certification of it.


Reply to: