Re: debsigs

To: debian-devel@lists.debian.org
Subject: Re: debsigs
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Wed, 27 Mar 2002 17:13:41 +0100
Message-id: <[🔎] 87hen2ouoa.fsf@CERT.Uni-Stuttgart.DE>
In-reply-to: <[🔎] 20020327012334.GH19032@blimpo.internal.net> (Ben Collins's message of "Tue, 26 Mar 2002 20:23:34 -0500")
References: <[🔎] Pine.LNX.4.44.0203191529580.4094-100000@tpo2.sourcepole> <[🔎] 73f2.3c97664c.da2fb@roy.gaast.net> <[🔎] 1016569697.2991.18.camel@altair> <[🔎] 87r8mfm39u.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020321000430.GA7904@snoopy.apana.org.au> <[🔎] 20020321052420.GC20722@blimpo.internal.net> <[🔎] 20020321053930.GA12689@snoopy.apana.org.au> <[🔎] 20020327004655.GF19032@blimpo.internal.net> <[🔎] 20020327010653.GA7441@snoopy.apana.org.au> <[🔎] 20020327012334.GH19032@blimpo.internal.net>

Ben Collins <bcollins@debian.org> writes:

> Already solved. Please read all the referenced docs.

I've browsed the policy document in the debsigs package, and here are
my comments:

        * This policy is not targeted at Debian as a whole, but at a
          company that wishes to add value to Debian packages by
          adding certain cryptographically signed attributes to them.

        * It is not clearly how replay attacks are dealt with
          (i.e. malicious mirror serving old, vulnerable version of
          software).  (This might an error of mine, because I'm not
          familiar with the Debian infrastructure.)

        * A scenario we might have to deal with in the future is the
          following: The maintainer of a hypothetical "relo" package
          ("remote login") receives a court order to plant a backdoor
          in this package. Suppose we notice it, shall we refuse all
          signatures of Debian developers from the same jurisdiction?

        * Some of the procedure of the document talk about "removing
          keys from the keyring", and not about revoking certification
          of keys (which would appear to be much more natural).  For
          the more open Debian infrastructure, we might actually need
          Web of Trust support.

        * Autobuilders are completely out of the scope of this policy.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: debsigs
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- ITI: HTTPS method for apt
  - From: "Tomas Pospisek's Mailing Lists" <tpo2@sourcepole.ch>
- Re: ITI: HTTPS method for apt
  - From: Wilmer van der Gaast <lintux@bigfoot.com>
- Re: ITI: HTTPS method for apt
  - From: Paolo Redaelli <paolo.redaelli@libero.it>
- Re: ITI: HTTPS method for apt
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: ITI: HTTPS method for apt
  - From: Brian May <bam@debian.org>
- Re: ITI: HTTPS method for apt
  - From: Ben Collins <bcollins@debian.org>
- Re: debsigs
  - From: Brian May <bam@debian.org>
- Re: debsigs
  - From: Ben Collins <bcollins@debian.org>
- Re: debsigs
  - From: Brian May <bam@debian.org>
- Re: debsigs
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: Debian's problems, Debian's future
Next by Date: proftpd bug or not?
Previous by thread: Re: debsigs
Next by thread: Re: debsigs
Index(es):
- Date
- Thread