Re: How to improve archive verification possibilities for the future
On Sun, 2003-11-30 at 05:06, Isaac Jones wrote:
> Marc Haber <email@example.com> writes:
> >> The Release files for unstable and testing still have to be signed
> >> automatically, but I'd really prefer to have that done by
> >> downloading the file to a non-public machine, signing there and
> >> re-uploading. Additionally, I'd like to have snapshots (for
> >> example all four weeks) to be signed manually with an off-line key.
> Since the signing of the Release files is probably one of the weakest
> points in the chain, perhaps the key which hosts this key should be
> running SELinux or something? That doesn't help if the build servers
> are cracked, but it does defend against some attacks.
may be a better choice.