Re: Future security problem (was Re: be careful with Replaces, please)
- To: Brandon Mitchell <email@example.com>
- Cc: Debian Development Mailing List <firstname.lastname@example.org>
- Subject: Re: Future security problem (was Re: be careful with Replaces, please)
- From: Christian Schwarz <email@example.com>
- Date: Mon, 1 Dec 1997 17:35:38 +0100 (CET)
- Message-id: <Pine.LNX.3.96.971201172829.2509A-100000@monet>
- In-reply-to: <Pine.LNX.3.96.971130194512.12114Afirstname.lastname@example.org>
On Sun, 30 Nov 1997, Brandon Mitchell wrote:
> I'd also be interested in some kind of verification, so I can accept all
> packages put together by some maintainer, and the maintainers on the
> debian keyring, but no one else.
I had exactly the same idea in the previous KDE/virtual package discussion
I suggest that we add a new control field to our packages called "Origin:"
(or similar). This could either be set to "SPI" or "Debian", for example.
Then, all Debian packages should be signed with some PGP key (either only
one key for the whole system or by the maintainer's key).
dpkg could have its own keyring. Whenever dpkg installs a package, it
checks the key against its keyring. If the key is not found in the
keyring, dpkg stops installing (this can be overriden by some --force
The default keyring would probably be the developers keyring. The sysadmin
could then add new keys of persons/organziations which he/she trusts to
In addition, the origin tag could be used for special dependencies. For
example, the Debian KDE packages can conflict with KDE's KDE packages
(which happen to have the same package names).
-- Christian Schwarz
PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
CS Software goes online! Visit our new home page at
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .