Re: Bug#540215: Introduce dh_checksums

To: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Russ Allbery <rra@debian.org>
Date: Thu, 18 Mar 2010 11:55:59 -0700
Message-id: <[🔎] 878w9ph328.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 87eijif5fs.fsf@frosties.localdomain> (Goswin von Brederlow's message of "Thu, 18 Mar 2010 08:35:19 +0100")
References: <[🔎] 20100310143214.GE10578@celtic.nixsys.be> <[🔎] 20100311173710.GC25679@nn.nn> <[🔎] 87aaue898o.fsf@frosties.localdomain> <[🔎] 20100312221356.GJ3902@celtic.nixsys.be> <[🔎] 87eijj7523.fsf@frosties.localdomain> <[🔎] 20100317114158.GA17583@nn.nn> <[🔎] 20100317143631.GA5556@reptile.pseudorandom.co.uk> <[🔎] 87pr32zurw.fsf@windlord.stanford.edu> <[🔎] 20100317224016.GC15158@celtic.nixsys.be> <[🔎] 87ljdqtudt.fsf@windlord.stanford.edu> <[🔎] 20100317231806.GE15158@celtic.nixsys.be> <[🔎] 87eijif5fs.fsf@frosties.localdomain>

Goswin von Brederlow <goswin-v-b@web.de> writes:

> The changes files are signed by a human and therefor have a strong trust
> level. The "was XYZ is now UVW" file would have to be automatically
> signed and much less trustworthy.

This objection makes no sense to me.  The archive key is *much* more
trusted in practice than the individual DD keys.  Haven't you been
advocating using the Packages file for this purpose, which is signed by
exactly the same key that would be doing this signature?

> Esspecially if you suspect someone broke into ftp-master and modified
> some debs.

Which they can do just as easily if you rely only on Packages.  Even more
easily, in fact.

The problems that you are citing here are problems that we already have;
that, in fact, are much worse now than they would be under that proposed
scheme.  (However, I will note that your *.changes idea does offer some
additional protection there over the scheme that I was considering.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>

References:
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Simon McVittie <smcv@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>

Prev by Date: Re: Bug#540215: Introduce dh_checksums
Next by Date: Re: Submitting bugs for manpage improvements
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread