Re: Crypto signing of packages

To: Debian developers list <debian-devel@lists.debian.org>
Subject: Re: Crypto signing of packages
From: Ian Jackson <ian@chiark.greenend.org.uk>
Date: Wed, 5 Mar 97 15:05 GMT
Message-id: <[🔎] m0w2IFb-0004oiC@chiark.greenend.org.uk>

Manoj Srivastava <srivasta@datasync.com>:
> I like this proposal better than the old one. 
>
> However; I'm not sure about competence or integrity requirements;
> some how it goes against the grain for someone who is not issuing my
> paycheck. 

This is somewhat outside the scope of the technical infrastructure for
certification, but I do think it should be discussed, and the day will
come when we have to turn someone down because we don't trust them.

> If we are going to act  and issue key revocations about maintainer
> keys, then we should recommend that maintainers generate a separate
> key for package maintainence, and that key possibly be held in escrow
> at the master key maintenance sites (It should need two out of three
> sites to unlock the key database). The maintainer hols the other copy
> of the secret key. The idea of holding the package-maintainer key in
> escrow also allows us to deal with lost keys.

We do not need key recovery, and an escrow database kept centrally is
a very bad idea from a security point of view.  You've been listening
to the NSA too much :-).

If a maintainer loses their key we can revoke our certification of it.

Ian.

Reply to:

Follow-Ups:
- Re: Crypto signing of packages
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: rxvt
Next by Date: Re: IMPORTANT: What can we do about the base package?
Previous by thread: Re: What I found with initial installs
Next by thread: Re: Crypto signing of packages
Index(es):
- Date
- Thread