
Re: Packages and signatures



>     Nicolás>  So, my point hasn't been refuted. There's no reason we
>     Nicolás> shouldn't start using package signatures now, with
>     Nicolás> automatic signing by dinstall.
> 
> Will dinstall sign any package that already has a valid signature
> in the *.changes and *.dsc file?
> 
> If so, how can you be sure that my key in the debian public key ring
> really is my key?
> 
> (not trying to argue your point, just pointing out that weaknesses
> still do exist).

 That's my point too. Weaknesses do exist, and security can't be absolute.
What I say is that adding signing to a process enforces an existing "system of
trust": dinstall is already trusting that your key in the Debian keyring is
yours.

> Suggestion: have up to two signatures per package, one from the
> uploader[1] (which can be verified by the paranoid who have some chain of
> trust already established), and one from dinstall.
> 
> Comments?
> 
> Note:
> [1] by this I mean the same person who signs the *.dsc and/or *.changes file.
> I think this applies even to the autobuilders.

 Yes, it's very reasonable (but all signatures should be from autobuilders,
and no developer should be allowed to upload binaries, but that's another
flamewar I won't start now =) ).


