
Re: Cryptic messages from installers



Adam Heath wrote:
> Santiago Vila wrote:
>
> > [...]. A gpg signature represents the person responsible
> > for a given upload. You can make a mistake if you forgot to pass -m to
> > buildpackage, but you can't gpg-sign with the private key of another
> > developer. If there is something "random" here, it is the Maintainer
> > field, not the gpg signature.
>
> Yes, it represents the person.  But there can be multiple addresses on a key,
> and, afaik, there is no way to tell by the signature alone which key is
> responsible for the data.
>
> So that's why you use the maintainer field.
>
> Think about signed email.  You compare the From: field, with the list of
> known addresses for a key, and compare that to the sig.  This is the same
> thing.

It would be the same thing if katie checked that the Maintainer field
is a known address for the key used to sign the .changes file, but
katie does not do that. Instead it sends the email to the person in the
Maintainer field in a blind way.

I can say exactly the reverse of what you said: Since people often
forget to use the -m switch when using dpkg-buildpackage, there is no
way to tell by the Maintainer field alone which developer is
responsible for the upload.

What about using the gpg signature as the primary method and then
choosing among different addresses on a key by looking at the
Maintainer field?

At least this would be a better algorithm than the current one.

[ In either case: What's the problem for porters to generate different
keys for the build daemons? ].


