Re: Revival of the signed debs discussion

* Goswin von Brederlow (brederlo@informatik.uni-tuebingen.de) [031201 14:40]:
> Instead of keeping extra files with the signature of the deb the
> information could be stored inside the deb itself. Of course the
> signature can't be contained in the thing being signed. Instead the
> signature would be added to the end of the ar archive and contain
> signatures for all the files (uncompressed?) before it in the archive.
> [...]

In principle I agree with your plan. Just a few suggestions for what
could (perhaps?) also be done:

I would like it even more if there would be something along each
package that identifies what was done to the deb-file since creation
(see it as a something like a "passport" or "signature file", where
each entry adds new information to the file).

This would also have the advantage that a system administrator could
verify signatures without following who is accepted as a DD, and who
is resigning - without a compromise of the debian server, verifying
any deb with the archive key is enough. If there is however a
suspicion of problems, he could always make stricter checks, without
requiring more infos from the archive. (And of course, any
administrator could also make checks stricter and demand a signature
by a DD plus a signature by the archive script).

More in detail this would mean that after building, the maintainer
signs the md5sums, and a "build this package on <date>".

After accepted by the archive, the archive script adds a line with
something like "accepted by katie on <date> because of good signature
of <Name> <KeyId>" to the top, and signs the whole thing.

This has one major drawback: Either the deb-file must be changed
during acceptance to the archive, or the "passport" must reside in an
extra file. (And there is of course a "mixed mode" possible: Extra
file at the moment, and after sarge is released, the files move within
the deb.)

Technical details should IMHO be discussed later, but a sample
passport could look like:

accepted by katie on Mon,  1 Dec 2003 20:34:58 +0000 because of good signature of DD, KeyID 0x01234567
build by DD on Sun, 30 Nov 2003 14:34:33 +0100
450b2b4ffa0be49b43f7358099117f7d control.tar.gz
fb00a05d140ec3e830d6227f3fdd743d data.tar.gz

   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
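As an added illustration of the passport layout sketched above (not code from the thread or from dpkg), the following script builds a minimal ar archive as a .deb container, derives the md5sum lines for the members that precede a trailing passport member, prepends an "accepted by" entry on top of the maintainer's "built by" entry, and checks a passport against the archive. The member name `_passport` is an assumption, and the OpenPGP signature each step would put over the passport text is not modelled here, only the digest and entry-chaining part is.

```python
import hashlib
import re

AR_MAGIC = b"!<arch>\n"
PASSPORT = "_passport"   # assumed name for the trailing passport member
DIGEST_LINE = re.compile(r"[0-9a-f]{32} \S+")

def build_ar(members):
    """Build a minimal ar archive (the container format of a .deb) from (name, bytes) pairs."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        # 60-byte ar header: name, mtime, uid, gid, mode, size, magic
        out += b"%-16s%-12s%-6s%-6s%-8s%-10s`\n" % (
            name.encode(), b"0", b"0", b"0", b"100644", str(len(data)).encode())
        out += data + (b"\n" if len(data) % 2 else b"")  # members are padded to even length
    return bytes(out)

def parse_ar(blob):
    """Yield (name, bytes) for each member, in archive order."""
    if blob[:8] != AR_MAGIC:
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        size = int(hdr[48:58].decode())
        yield hdr[:16].decode().rstrip(" /"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2

def member_digests(blob):
    """md5sum lines for every member that precedes the passport (all members if there is none)."""
    lines = []
    for name, data in parse_ar(blob):
        if name == PASSPORT:
            break
        lines.append(f"{hashlib.md5(data).hexdigest()} {name}")
    return lines

def make_passport(blob, builder, date):
    """The maintainer's initial passport: a 'built by' line above the md5sums."""
    return "\n".join([f"built by {builder} on {date}"] + member_digests(blob)) + "\n"

def add_entry(passport, line):
    """Each later step (e.g. archive acceptance) prepends its own line to the top."""
    return line + "\n" + passport

def verify(blob):
    """True iff the passport's md5sum lines match exactly the members before it."""
    passport = dict(parse_ar(blob)).get(PASSPORT)
    if passport is None:
        return False
    claimed = {l for l in passport.decode().splitlines() if DIGEST_LINE.fullmatch(l)}
    return claimed == set(member_digests(blob))
```

Because the digests cover only the members before the passport, a passport can be appended to an existing deb without changing the bytes the maintainer hashed, which is the "files move within the deb" case from the post.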

