
Re: bits from the release team



On Sat, 6 May 2006 11:53, Martijn van Oosterhout wrote:
> On 5/5/06, Pierre Habouzit <madcoder@debian.org> wrote:
> > Proposal 1:
> >
> >   a possible way would be to have two valid keys at any time. like
> > one new key per year (or 6 month like you want) with a validity of
> > 2 years (resp. one year).
> >
> >   that would obviously mean two signatures per package (but I don't
> >   think that's that much work) and would require the user to update
> >   their "keyring package" only once every year (or 6 month), which
> > looks like a quite reasonable trade-off. Even stable updates can
> > use that scheme, since it's released more than once a year.
>
> Why would you need two signatures per package?

Because that would mean that at any time, the package that ships the 
public keys is signed with the being-old and the being-new keys. It 
ensures an upgrade path.

If you take the 2y validity with 1y overlap, to have no problems, 
users/images/... just have to be updated once a year (and will have a 
life of at least one year, almost two if those are updated as soon as a 
new key exists), which sounds reasonable to me.

> In reality, the only way you can truly trust any key is if you get
> verification of the fingerprint from some other trusted source. Since
> we don't do that, all this discussion is handwaving to solve
> practical problems. Perhaps we should be teaching apt/dpkg to fetch
> the key from some other source entirely, say an https server, thus
> avoiding the issues of transporting keys via the same mechanism as
> the packages.

true

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

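To make the overlap argument in the thread concrete, here is an added example (not from the thread and not Debian's own tooling) that models the rotation schedule and checks how long a client's trusted keyring stays usable. Counting time in whole months from the first key's issue date, numbering keys by issue order, and the "single-signature" counter-case are all assumptions of this model.

```python
# Model of the rotation scheme discussed above: a new archive key is issued every
# `rotation` months, each key stays valid for `validity` months, and the keyring
# package is signed with every key that is valid when it is released.
# Time is counted in whole months from the first key's issue date (assumption).

ROTATION_MONTHS = 12   # one new key per year
VALIDITY_MONTHS = 24   # each key valid for two years, so two keys overlap at any time


def valid_keys(month, rotation=ROTATION_MONTHS, validity=VALIDITY_MONTHS):
    """Indices of the keys whose window [issue, issue + validity) covers `month`."""
    newest = month // rotation
    oldest = max(0, newest - validity // rotation)
    return {k for k in range(oldest, newest + 1)
            if k * rotation <= month < k * rotation + validity}


def keyring_signers(month, **params):
    """Keys signing the keyring package released at `month`: all currently valid keys."""
    return valid_keys(month, **params)


def dual_signed_verifies(last_update, now, **params):
    """A client trusts the keys that were valid when it last refreshed its keyring.
    With every valid key signing, one still-valid trusted key is enough to verify."""
    trusted = valid_keys(last_update, **params)
    return bool(trusted & keyring_signers(now, **params))


def single_signed_verifies(last_update, now, **params):
    """Counter-case (assumed): if only the newest key signed the keyring, the client
    would have to trust that key already, i.e. have updated after it was issued."""
    newest = max(keyring_signers(now, **params))
    return newest in valid_keys(last_update, **params)


def upgrade_lifetime(last_update, **params):
    """Months after `last_update` during which the client can still verify keyrings."""
    months = 0
    while dual_signed_verifies(last_update, last_update + months, **params):
        months += 1
    return months


if __name__ == "__main__":
    # Client last updated in month 6 (before key 1 exists) meets the month-12 keyring.
    print(dual_signed_verifies(6, 12), single_signed_verifies(6, 12))   # True False
    # Worst case (updated just before a new key) still gives a year; best case two.
    print(upgrade_lifetime(23), upgrade_lifetime(12))                   # 13 24
```

Passing `rotation=6, validity=12` models the six-month variant mentioned in the proposal; the lifetime bounds scale down accordingly.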