
Re: .deb integrity check



Hi,

        Does not deal with compromised keys, or keys belonging to
 people not part of the project anymore. You can reduce this by
 providing ready access to an up-to-date debian keyring; but then
 comes the problem of manually signing that with a secure Project key. 

        Hmm. We need to ensure that the keyring I have downloaded is
 actually uncompromised, and then use that to check all packages to be
 installed ...

        manoj

>>"Robert" == Robert Thomson <robert.thomson@studentmail.newcastle.edu.au> writes:
 Robert> IMHO, Individual packages should be signed (or md5sums,
 Robert> whatever) by the maintainer.  The maintainer should include
 Robert> their public key with the package, and that public key should
 Robert> be signed by an official Debian key.  Thus verifying that the
 Robert> key is in fact authentic.  Dpkg shouldn't deal with
 Robert> authentication, rather apt, or dselect (urg!) - the transport
 Robert> - should check - because it's at this point that most
 Robert> packages are downloaded without knowing their authenticity.

 Robert> Have a keyring somewhere with the Debian key on it, and allow
 Robert> sysadmins to add trusted keys, which work in the same manner.

 Robert> How apt/other deals with keys without sigs should be up to
 Robert> the sysadmin to define - perhaps on a per repository basis.

-- 
 Lunatic Asylum, n.: The place where optimism most flourishes.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
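
An added sketch (not code from this thread, dpkg or apt) of the transport-side check Robert proposes, with the revocation step Manoj points out is missing. Lamport one-time hash signatures stand in for PGP so that it runs on the Python standard library alone; every function name, key and package byte string is constructed for illustration.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signatures: stdlib-only stand-in for PGP (assumption).
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, b"".join(H(x) for pair in sk for x in pair)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[(2 * i + b) * 32:(2 * i + b + 1) * 32]
        for i, (s, b) in enumerate(zip(sig, bits(msg))))

def check_package(deb, sig, maint_pk, cert, project_pk, revoked, allow_unsigned=False):
    """Transport-side check (the apt/dselect role); all names are hypothetical."""
    if sig is None:  # per-repository policy set by the sysadmin
        return "accept: unsigned allowed" if allow_unsigned else "reject: unsigned"
    if not verify(project_pk, maint_pk, cert):
        return "reject: key not certified by project key"
    if H(maint_pk) in revoked:  # only as good as the keyring copy is fresh and authentic
        return "reject: key revoked or retired"
    if not verify(maint_pk, deb, sig):
        return "reject: bad package signature"
    return "accept"

def demo():
    project_sk, project_pk = keygen()   # constructed "official" key
    maint_sk, maint_pk = keygen()       # constructed maintainer key
    rogue_sk, rogue_pk = keygen()       # constructed key nobody certified
    cert = sign(project_sk, maint_pk)   # one-time scheme: certifies this one key
    deb = b"constructed package bytes"
    sig = sign(maint_sk, deb)
    ok = (maint_pk, cert, project_pk)
    return {
        "valid": check_package(deb, sig, *ok, revoked=set()),
        "tampered": check_package(deb + b"!", sig, *ok, revoked=set()),
        "uncertified": check_package(deb, sign(rogue_sk, deb), rogue_pk, cert, project_pk, set()),
        "revoked": check_package(deb, sig, *ok, revoked={H(maint_pk)}),
        "unsigned": check_package(deb, None, *ok, revoked=set()),
    }
```

The "valid" and "revoked" cases differ only in the contents of the revocation set, so a stale or tampered keyring copy turns the second result into the first.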

