
Re: [RFH] The need for signed packages and signed Releases (long, long)

>>"Ian" == Ian Jackson <ian@davenant.greenend.org.uk> writes:

 Ian>  - Debian ends up becoming a CA.  Who will run this CA and
 Ian>    how will we maintain its security ?

	You do not have X509 certificates. You can merely sign the ar
 components with gpg keys; and Debian distributes the keyring (one can
 also get the current keyring from a well known place on the
 network). Perhaps the keyring itself can have a detached signature;
 this is not so much more work to set up.

 Ian>  - What about third-party packages ?  Do we end up being a CA
 Ian>    for third parties ?!

	I can try and get the third party gpg key into my local
 keyring with a decent web of trust; Debian need not be involved.

 Ian>  - What about revocation ?  And how do we reconcile revocation
 Ian>    with the need to do offline installs, and installs from very old
 Ian>    physical media ?

	If the key is revoked on the public/debian key servers, I'll know
 when I update the keyring.

 Ian>  - How do we stop an attacker who has compromised some Developer's
 Ian>    machine from using that Developer's key to get a trojan widely
 Ian>    installed ?

	There is no such thing as absolute security.

	This mechanism improves the security by narrowing the threat
 cases; and gives us a chance to put into place a process that would
 be better security than now.

	Do not let perfect get in the way of better.

 One of the disadvantages of having children is that they eventually
 get old enough to give you presents they make at school. Robert Byrne
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
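The signing and verification workflow sketched in the reply, as an added shell example that is not code from the thread or from Debian: a developer key detach-signs a constructed package and the exported public keyring, then a user-side keyring that starts empty imports the keyring, verifies both signatures, and rejects a tampered package. The key name, address and file names are placeholders, and revocation is not shown.

```shell
#!/bin/sh
# Added example, not code from the thread: a throwaway GnuPG setup in which a
# developer detach-signs a constructed "package" and the exported public
# keyring, and a user with an initially empty keyring verifies both and then
# rejects a tampered package. Names and addresses are placeholders. Needs gpg 2.1+.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping" >&2; exit 0; }

WORK=$(mktemp -d)
trap 'for d in dev user; do GNUPGHOME="$WORK/$d" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

# Developer side: unprotected key for a non-interactive demo only.
developer_sign() {
    export GNUPGHOME="$WORK/dev"; mkdir -m 700 "$GNUPGHOME"
    gpg --batch --quiet --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: Example Developer
Name-Email: developer@example.invalid
Expire-Date: 0
%commit
EOF
    printf 'constructed package contents\n' > "$WORK/pkg.deb"
    gpg --batch --quiet --armor --detach-sign --output "$WORK/pkg.deb.asc" "$WORK/pkg.deb"
    # The published keyring carries its own detached signature; a real user
    # would check it against an archive key obtained out of band.
    gpg --batch --quiet --armor --export > "$WORK/keyring.asc"
    gpg --batch --quiet --armor --detach-sign --output "$WORK/keyring.asc.sig" "$WORK/keyring.asc"
}

# User side: import the published keyring once, then verify signature $1
# over file $2. Exit status 0 means a good signature, non-zero otherwise.
user_verify() {
    export GNUPGHOME="$WORK/user"
    [ -d "$GNUPGHOME" ] || { mkdir -m 700 "$GNUPGHOME"
                             gpg --batch --quiet --import "$WORK/keyring.asc" 2>/dev/null; }
    gpg --batch --quiet --verify "$1" "$2" 2>/dev/null
}

demo() {
    developer_sign
    user_verify "$WORK/pkg.deb.asc" "$WORK/pkg.deb" || return 1          # genuine package
    user_verify "$WORK/keyring.asc.sig" "$WORK/keyring.asc" || return 1  # signed keyring
    printf 'trojaned\n' >> "$WORK/pkg.deb"                                # tamper with it
    if user_verify "$WORK/pkg.deb.asc" "$WORK/pkg.deb"; then return 1; fi # must now fail
    echo "good signatures on package and keyring; tampered package rejected"
}
demo
```

An unknown signing key still yields exit status 0 with a "not certified" warning on stderr, which is where the web of trust the reply mentions comes in.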
