Requirements of the tool (dpkg) support for signed packages
What are the requirements for package signing?
I have some ideas, I hope you find them useful, at least for starting a
* Generic semantics for package signing with as little hardcoded Debian
policy as possible.
Rationale: dpkg is not only used by Debian anymore. dpkg should be a
generic packaging tool. Besides this would give us greater flexibility.
On top of this raw functionality, there would be something that will
define what a trusted package means. Whether this would be part of dpkg
or part of apt can be discussed. But it would be nice to have these two
"levels": as I said, dpkg should be as a generic packaging tool as
* Multiple signatures. Each step in the chain should be able to add a
signature for the package.
Rationale: Packages should be signed by the maintainer (or the
auto-builder) and dinstall. Even more: a big site could add one more
signature in order to "bless" packages (this could be used to implement
some computer-lab management system, dunno). The security policy which
defines what does "trusted" mean would be implemented at the client (by
a tool or by the user), so the package should provide as much signature
info as it can.
* The signature must be included *inside* the deb.
Rationale: To make security transparent to the newbie. To prevent
the distribution of a .deb without the sig.
* Not only do the package files need to be signed, but also the control
Rationale: It's trivial to invent something to sign the data.tar.gz, but
that would be clearly wrong. The maintainer address, the dependencies
and the maintainer scripts must be signed too. I would even say that the
sign tool should sign every component of the ar file, allowing for
future expansion. If we add more components to the ar they should be
signed too. Signature components would have to be exempted of being
* Backward compatibility would be important. Packages in woody should be
able to be unpacked with a potato dpkg.
Rationale: People will need to upgrade to woody someday. =)
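As an added illustration of the signing model sketched in the points above (every component of the ar file signed, signature components exempted, several role signatures appended one after another, and an unpacker that simply ignores members it does not know), here is example code that is not part of this post or of dpkg. It assumes a member-name prefix `_sig` followed by a role name, stores a per-member SHA-256 digest list inside each signature member, and uses HMAC-SHA256 as a stand-in for the OpenPGP signature a real tool would produce; the sample package, maintainer string and keys are constructed for the example.

```python
"""Added example: signing every member of a .deb-style ar archive, with
multiple role signatures appended as extra ar members (not dpkg code)."""
import hashlib
import hmac
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
SIG_PREFIX = "_sig"   # assumed naming convention for signature members


def ar_pack(members):
    """Serialize [(name, bytes)] as an ar archive with dpkg-style 60-byte headers."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = (name.encode().ljust(16) + b"0".ljust(12) + b"0".ljust(6)
               + b"0".ljust(6) + b"100644".ljust(8)
               + str(len(data)).encode().ljust(10) + b"`\n")
        out += hdr + data + (b"\n" if len(data) % 2 else b"")  # pad to even
    return bytes(out)


def ar_unpack(blob):
    """Parse an ar archive into [(name, bytes)]; unknown members are kept, not rejected."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) < 60 or hdr[58:] != b"`\n":
            raise ValueError("corrupt ar header")
        name = hdr[:16].decode("ascii").rstrip().rstrip("/")  # GNU ar writes "name/"
        size = int(hdr[48:58])
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated ar member")
        members.append((name, data))
        pos += 60 + size + (size % 2)
    return members


def manifest(members):
    """Digest list over every non-signature member, in archive order."""
    lines = [f"{name} {hashlib.sha256(data).hexdigest()}"
             for name, data in members if not name.startswith(SIG_PREFIX)]
    return ("\n".join(lines) + "\n").encode()


def add_signature(blob, role, key):
    """Append _sig<role> covering all current non-signature members.
    HMAC-SHA256 is a constructed stand-in for a real OpenPGP signature."""
    members = ar_unpack(blob)
    m = manifest(members)
    tag = hmac.new(key, m, hashlib.sha256).hexdigest().encode()
    members.append((SIG_PREFIX + role, m + b"--\n" + tag + b"\n"))
    return ar_pack(members)


def verify(blob, keys):
    """Return {role: bool} for every signature member found in the archive."""
    members = ar_unpack(blob)
    expected = manifest(members)
    result = {}
    for name, data in members:
        if not name.startswith(SIG_PREFIX):
            continue
        role = name[len(SIG_PREFIX):]
        stored, _, tag = data.rpartition(b"--\n")
        if role not in keys:
            result[role] = False          # no trusted key for this role
            continue
        good = hmac.new(keys[role], stored, hashlib.sha256).hexdigest().encode()
        # the stored digest list must match what is in the archive *now*
        result[role] = stored == expected and hmac.compare_digest(tag.strip(), good)
    return result


def _targz(files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample content)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_deb(maintainer="Jane Doe <jane@example.org>"):
    """Constructed three-member package: debian-binary, control.tar.gz, data.tar.gz."""
    control = (f"Package: demo\nVersion: 1.0\nMaintainer: {maintainer}\n"
               "Description: constructed sample\n").encode()
    return ar_pack([
        ("debian-binary", b"2.0\n"),
        ("control.tar.gz", _targz({"./control": control})),
        ("data.tar.gz", _targz({"./usr/share/doc/demo/README": b"hello\n"})),
    ])


def replace_member(blob, name, data):
    """Rewrite one member in place; used to show that control changes are caught."""
    return ar_pack([(n, data if n == name else d) for n, d in ar_unpack(blob)])


if __name__ == "__main__":
    KEY_MAINT, KEY_ARCHIVE = b"maintainer-key", b"dinstall-key"   # constructed keys
    deb = build_sample_deb()
    signed = add_signature(add_signature(deb, "maint", KEY_MAINT), "dinstall", KEY_ARCHIVE)
    keys = {"maint": KEY_MAINT, "dinstall": KEY_ARCHIVE}
    print("intact:", verify(signed, keys))
    altered = replace_member(signed, "control.tar.gz",
                             _targz({"./control": b"Package: demo\nMaintainer: other\n"}))
    print("control.tar.gz changed:", verify(altered, keys))
```

Because the digest list leaves signature members out, appending the dinstall signature does not invalidate the maintainer's, and a modified control.tar.gz (maintainer field, dependencies, maintainer scripts) breaks every signature, not just one over data.tar.gz. A member that was simply removed leaves no trace in the others, so, as the post argues, which roles must be present is a client-side policy decision, not something the format can enforce on its own. The first three members keep their usual names and positions, which is what lets an unpacker that knows nothing about `_sig*` members still read the package.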