
Re: How to improve archive verification possibilities for the future



On Sun, 2003-11-30 at 05:06, Isaac Jones wrote:
> Marc Haber <mh+debian-devel@zugschlus.de> writes:
> 
> >> The Release files for unstable and testing still have to be signed
> >> automatically, but I'd really prefer to have that done by
> >> downloading the file to a non-public machine, signing there and
> >> re-uploading.  Additionally, I'd like to have snapshots (for
> >> example all four weeks) to be signed manually with an off-line key.
> 
> Since the signing of the Release files is probably one of the weakest
> points in the chain, perhaps the key which hosts this key should be
> running SELinux or something?  That doesn't help if the build servers
> are cracked, but it does defend against some attacks.
> 
Adamantix, http://www.adamantix.org/ 
may be a better choice.
Regards,

David.


