Re: Revival of the signed debs discussion
* Goswin von Brederlow (firstname.lastname@example.org) [031201 14:40]:
> Instead of keeping extra files with the signature of the deb the
> information could be stored inside the deb itself. Of course the
> signature can't be contained in the thing being signed. Instead the
> signature would be added to the end of the ar archive and contain
> signatures for all the files (uncompressed?) before it in the archive.

In principle I agree with your plan. Just a few suggestions on what could
(perhaps?) also be done:
I would like it even more if there were something alongside each
package that identifies what was done to the deb-file since creation
(see it as something like a "passport" or "signature file", where
each entry adds new information to the file).
This would also have the advantage that a system administrator could
verify signatures without following who is accepted as a DD, and who
is resigning - without a compromise of the debian server, verifying
any deb with the archive key is enough. If there is however a
suspicion of problems, he could always make stricter checks, without
requiring more info from the archive. (And of course, any
administrator could also make checks stricter and demand a signature
by a DD plus a signature by the archive script).
More in detail this would mean that after building, the maintainer
signs the md5sums, and a "build this package on <date>".
After being accepted by the archive, the archive script adds a line with
something like "accepted by katie on <date> because of good signature
of <Name> <KeyId>" to the top, and signs the whole thing.
This has one major drawback: Either the deb-file must be changed
during acceptance to the archive, or the "passport" must reside in an
extra file. (And there is of course a "mixed mode" possible: Extra
file at the moment, and after sarge is released, the files move within
Technical details should IMHO be discussed later, but a sample
passport could look like:
accepted by katie on Mon, 1 Dec 2003 20:34:58 +0000 because of good signature of DD, KeyID 0x01234567
build by DD on Sun, 30 Nov 2003 14:34:33 +0100
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
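
The layered passport described in the message above, sketched as an added example that is not part of the original message or of any Debian tool: each new entry goes on top and signs everything beneath it, and the verifier offers both the default "archive key is enough" check and the stricter one. HMAC-SHA256 with constructed keys stands in for OpenPGP signatures, and the function names and entry layout are assumptions.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC-SHA256 stands in for the OpenPGP signatures
# the message has in mind, so the example runs with the standard library only.
KEYS = {"DD": b"demo-maintainer-key", "katie": b"demo-archive-key"}


def _sign(signer, payload):
    return hmac.new(KEYS[signer], payload.encode(), hashlib.sha256).hexdigest()


def add_entry(passport, signer, line, md5sums):
    """Put a new entry on top; its signature covers the md5sums, the new
    line and every older entry together with the older signatures."""
    older = "\n".join(f"{e['line']}|{e['signer']}|{e['sig']}" for e in passport)
    payload = "\n".join([md5sums, line, older])
    return [{"line": line, "signer": signer, "sig": _sign(signer, payload)}] + passport


def verify(passport, md5sums, strict=False):
    """Default policy: a good archive signature on the top entry is enough.
    Strict policy: every layer must verify and a DD entry must be present."""
    if not passport or passport[0]["signer"] != "katie":
        return False
    layers = range(len(passport)) if strict else range(1)
    for i in layers:
        entry, rest = passport[i], passport[i + 1:]
        if entry["signer"] not in KEYS:
            return False
        rebuilt = add_entry(rest, entry["signer"], entry["line"], md5sums)[0]
        if not hmac.compare_digest(rebuilt["sig"], entry["sig"]):
            return False
    return not strict or any(e["signer"] == "DD" for e in passport)


def demo():
    md5sums = "d41d8cd98f00b204e9800998ecf8427e  usr/bin/hello"  # constructed
    p = add_entry([], "DD", "build by DD on Sun, 30 Nov 2003 14:34:33 +0100", md5sums)
    p = add_entry(p, "katie", "accepted by katie on Mon, 1 Dec 2003 20:34:58 +0000 "
                  "because of good signature of DD, KeyID 0x01234567", md5sums)
    return p, md5sums


if __name__ == "__main__":
    passport, sums = demo()
    print(verify(passport, sums), verify(passport, sums, strict=True))
```

A passport whose maintainer layer is invalid but whose archive layer is good passes the default check and fails the strict one, which is the case the stricter policy exists for.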