Re: Signing Packages.gz
On Sat, Apr 01, 2000 at 03:18:17PM -0700, Jason Gunthorpe wrote:
> > Now link 2. It is currently absent. What you seem to suggest is to add a key
> > (dinstall-key) here, so the user can verify the archive. This adds a point
> > of weakness. As the dinstall key can't be used automatically and kept "truly"[1]
>
> How about this, if someone was able to hack master to the point of being
> able to get the dinstall key, I assure you they would be able to hack
> some weak developer machine and lift their key too.
This is a separate problem. I agree that this should not be the case, but it
has no place in this discussion. If individual developer keys are
compromised, we have a problem no matter what. Developers should not store
secret keys on net connected machines, point.
However, this only affects the developer's packages, not the whole archive.
> I also assert that the
> chance of a hacker getting the security key is lower than say 50% of the
> keys in our keyring.
I would not make such claims. In any way, see above.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server
Marcus Brinkmann GNU http://www.gnu.org for public PGP Key
Marcus.Brinkmann@ruhr-uni-bochum.de, marcus@gnu.org PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/ brinkmd@debian.org