Re: Official Debian digital 'branding' of debs
> I think when the issue has come up in the past, it's been a problem
> with there being a single point of failure in the system (the "one,
> true, Debian key"). Just because nobody's hacked RH's system to get
> the key doesn't mean it won't happen...
But there IS a single point of failure. All solutions you can imagine will
have that. If you have developers sign packages with their own keys, you'll
need a means to `authorize' developers, in the form of a Debian signature on
the developers' signature.
Besides, another security measure we need to take sometime in the future is
automatic building of all packages for all architectures. In this way we can
assure that a binary matches the sources.
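The two-level trust chain described in the reply (a Debian key certifying developer keys, developer keys signing packages) can be sketched in a few lines. The following is an added example, not code from the thread or from Debian's tooling: it uses Go's standard-library Ed25519 as a stand-in for the OpenPGP keys Debian actually uses, the developer names and package contents are constructed, and the `DeveloperCert`/`SignedPackage` types are hypothetical. It shows why the root key remains the single point of failure: every verification decision bottoms out in `rootPub`, and a key that lacks the root's certification is rejected even if it signs its own package correctly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeveloperCert is the root's certification of a developer key
// (hypothetical type; plays the role of a key signature in OpenPGP).
type DeveloperCert struct {
	Name   string
	PubKey ed25519.PublicKey
	Sig    []byte // root signature over Name || 0x00 || PubKey
}

// SignedPackage is a package plus the developer's signature over its hash
// (hypothetical type standing in for a signed .deb or .changes file).
type SignedPackage struct {
	Contents  []byte
	Developer string
	Sig       []byte // developer signature over sha256(Contents)
}

func certMessage(name string, pub ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), pub...)
}

// CertifyDeveloper is the "Debian signature on the developer's key".
func CertifyDeveloper(rootPriv ed25519.PrivateKey, name string, pub ed25519.PublicKey) DeveloperCert {
	return DeveloperCert{Name: name, PubKey: pub, Sig: ed25519.Sign(rootPriv, certMessage(name, pub))}
}

// SignPackage is the developer signing their own upload.
func SignPackage(devPriv ed25519.PrivateKey, name string, contents []byte) SignedPackage {
	h := sha256.Sum256(contents)
	return SignedPackage{Contents: contents, Developer: name, Sig: ed25519.Sign(devPriv, h[:])}
}

// VerifyPackage walks the chain root -> developer -> package. The only
// trust anchor is rootPub; compromise of the root key defeats every check.
func VerifyPackage(rootPub ed25519.PublicKey, certs map[string]DeveloperCert, pkg SignedPackage) error {
	cert, ok := certs[pkg.Developer]
	if !ok {
		return errors.New("unknown developer")
	}
	if !ed25519.Verify(rootPub, certMessage(cert.Name, cert.PubKey), cert.Sig) {
		return errors.New("developer key not certified by root")
	}
	h := sha256.Sum256(pkg.Contents)
	if !ed25519.Verify(cert.PubKey, h[:], pkg.Sig) {
		return errors.New("package signature invalid")
	}
	return nil
}

// Demo exercises three cases with constructed data: a properly certified
// upload, the same upload tampered in transit, and an upload signed by a
// key that certified itself instead of being certified by the root.
func Demo() (goodErr, tamperedErr, uncertifiedErr error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	selfPub, selfPriv, _ := ed25519.GenerateKey(rand.Reader)

	certs := map[string]DeveloperCert{
		"alice": CertifyDeveloper(rootPriv, "alice", devPub),
		// self-signed certification: not the root's signature, so it must fail
		"bob": {Name: "bob", PubKey: selfPub, Sig: ed25519.Sign(selfPriv, certMessage("bob", selfPub))},
	}

	good := SignPackage(devPriv, "alice", []byte("hello_1.0-1_i386.deb (constructed contents)"))
	goodErr = VerifyPackage(rootPub, certs, good)

	tampered := good
	tampered.Contents = append([]byte{}, good.Contents...)
	tampered.Contents[0] ^= 0xff // one flipped bit in the payload
	tamperedErr = VerifyPackage(rootPub, certs, tampered)

	uncertified := SignPackage(selfPriv, "bob", []byte("other_2.0-1_i386.deb (constructed contents)"))
	uncertifiedErr = VerifyPackage(rootPub, certs, uncertified)
	return
}

func main() {
	g, t, u := Demo()
	fmt.Println("certified upload:", g)
	fmt.Println("tampered upload:", t)
	fmt.Println("uncertified key:", u)
}
```

Note that nothing in `VerifyPackage` distinguishes a legitimate root certification from one made by anyone else who holds `rootPriv`; that is exactly the single point of failure the reply concedes, and moving signing to developer keys only shifts which signature the root must produce.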