In article <[🔎] 19990610100707B.amos@gezernet.co.il> you write: >From: Joey Hess <joey@kitenet.net> >> Amos Shapira wrote: >> > It should be somehow possible to verify WHICH key should be verified, >> > and be able to obtain this in an independent way (i.e. if the package >> > is modified, and the key to be verified is directed to the cracker's >> > key then your verification wouldn't reveal this, would it?). Suggestion: Why not just sign the packages file? APT already checks the MD5SUMS with that in the packages file, so if you can prove that the packages file hasn't been tampered with, you can prove that all packages are OK. However, I guess, the problem here is that dpkg won't support it. >> If the package has to be signed by a key in the debian keyring, which itself >> must be signed by a single key, they can't do this. Comments: 1. What happens in the case a package is signed by someone who is not the maintainer? Would this be allowed? 2. Is it desirable to prevent the Packages with being tampered with? -- Brian May <bam@snoopy.apana.org.au>
Attachment:
pgpqk2iS3Gsiz.pgp
Description: PGP signature