Re: speaking in favour of signed Packages files
On Mon, 3 Apr 2000, Marcus Brinkmann wrote:
> There are some issues which are under-discussed currently, like making sure
> public keys for verification are propagated and up-to-date on the users
> machine. Changing the unstable key frequently is a bit of an inconvenience,
> and I would like to hear suggestions how to handle that ;)
I think the simplest way to do that is to make the security key (the one
wichert holds) very long lasting and have another file in the archive that
contains the current dinstall key of the day, APT would fetch that file,
confirm it against the internal `hard-coded' security key and then accept
it unconditionaly. This only applies to unstable.
APT would come with a 'hard-coded' config file that says things matching
certain crtieria should require the security key to be accepted (ie
stable and security site) while others would only require a trust path to
the security key. I'm not too sure how I'd like to represent this in the
config files yet.
I would like to be able to have more than one security key so people like
Corel and Stormix can have their own as well - I'm not entirely sure how
to do that right now - but it would probably want to go along the lines of
how SSL works with our security key being at the top of the trust system.
> If I am not completely wrong, this is something that is not too far away
> from the original proposal. Please let me know what you think about it.
I think it is the original proposal, more or less :>
> very similar things with different main emphasis and optimization.
> I hope we will see both in Debian one day.
It is likely that a newer dpkg will support embedded signatures, but I am
not sure if I want to ever see them checked automatically by default.