Re: dpkg-sig support wanted?

To: Olaf van der Spek <olafvdspek@gmail.com>
Cc: debian-devel@lists.debian.org
Subject: Re: dpkg-sig support wanted?
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Fri, 25 Nov 2005 17:11:34 +0100
Message-id: <[🔎] 87ek54yafd.fsf@informatik.uni-tuebingen.de>
In-reply-to: <[🔎] b2cc26e40511250732q42b5a2e5ubc79bf23915185de@mail.gmail.com> (Olaf van der Spek's message of "Fri, 25 Nov 2005 16:32:52 +0100")
References: <[🔎] 877jb0iswl.fsf@nahar.marcbrockschmidt.de> <[🔎] 87fypntzzo.fsf@mid.deneb.enyo.de> <[🔎] 20051123160817.GB13417@cyan.localnet> <[🔎] 20051123220920.GD5414@hezmatt.org> <[🔎] 20051124023037.GE15019@cyan.localnet> <[🔎] 20051124131345.GE17550@khazad-dum.debian.net> <[🔎] 20051125025707.GD19298@cyan.localnet> <[🔎] 4386EAB1.4090602@hogyros.de> <[🔎] 87k6ewzu1e.fsf@informatik.uni-tuebingen.de> <[🔎] 20051125152704.GA13942@hezmatt.org> <[🔎] b2cc26e40511250732q42b5a2e5ubc79bf23915185de@mail.gmail.com>

Olaf van der Spek <olafvdspek@gmail.com> writes:

> On 11/25/05, Matthew Palmer <mpalmer@debian.org> wrote:
>> Of course, using the signature on the .changes to verify the .debs
>> independent from the archive at some later date is a nice side-benefit, but
>> one which suffers from the same key-lifetime issues as in-deb signatures,
>
> What exactly is this key lifetime issue?
> Is it a cryptographic issue?

A key can expire, get stolen / lost or get compromised and
revoced. Once that happens you can't trust any signature made by that
key.

Although one can probably argue that an expired key still has enough
trust to verify old debs. Many people don't set an expiry date anyway.

While this sounds like a big problem lets have some numbers:

Shortly before the sarge release we imported all source packages into
the debian-amd64 DAK and actualy did have the problem with dsc file
signatures. But that was a problem of maybe 20 packages (out of
over 8000).

Overall a miniscule problem. If I can verify all but 20 packages that
realy is a great bonus.

MfG
        Goswin

Reply to:

References:
- dpkg-sig support wanted?
  - From: Marc 'HE' Brockschmidt <he@debian.org>
- Re: dpkg-sig support wanted?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: dpkg-sig support wanted?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: dpkg-sig support wanted?
  - From: Simon Richter <Simon.Richter@hogyros.de>
- Re: dpkg-sig support wanted?
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: dpkg-sig support wanted?
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: dpkg-sig support wanted?
  - From: Olaf van der Spek <olafvdspek@gmail.com>

Prev by Date: Re: dpkg-sig support wanted?
Next by Date: Re: dpkg-sig support wanted?
Previous by thread: Re: dpkg-sig support wanted?
Next by thread: Re: dpkg-sig support wanted?
Index(es):
- Date
- Thread