
Bug#817805: develop a means for apt-get update to learn about new archive signing subkeys



Package: apt
Severity: wishlist
X-Debbugs-Cc: debian-dak@lists.debian.org, debian-devel@lists.debian.org

We would like to start creating the keys that sign unstable in crypto
tokens, so that they are never seen by a general purpose computing
device.

These keys would probably be subkeys of the ftpmaster's archive signing
key.  We can't back up such subkeys sanely.  Tokens might break or
mistakes might be made.

There should be a way for us to easily rotate these signing subkeys.

Ideally, apt would accept any Release file signed by a valid subkey of
an openpgp key it trusts.  Therefore, it needs a way to learn about new,
valid subkeys[*].

Maybe we can ship a set of openpgp key updates on the mirrors next to
the Release file, or somewhere in /project, and apt would merge keys
from there.  Care needs to be taken so we don't start trusting
completely new keys just because they were on a mirror.


We should figure out a way to properly do this.


Cheers,
weasel

* and while we're at it, it might also learn about subkey revocations.
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
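
An added sketch (not from the original message, and not apt or dak code) of the check asked for above: split a key-update bundle fetched from a mirror into certificates and keep only those whose primary key fingerprint is already trusted. The function names and sample bytes are assumptions, and verifying each subkey's binding signature is left to the OpenPGP implementation that performs the merge.

```python
import hashlib

def packets(data):
    """Yield (tag, body, raw_packet) for each packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        start, hdr = i, data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, o = hdr & 0x3F, data[i + 1]
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length], data[start:i + length]
        i += length

def fingerprint(body):
    """V4 fingerprint: SHA-1 over 0x99, a two-octet length, and the key packet body."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def filter_update(bundle, trusted):
    """Return (kept_packets, rejected_primaries) for a key-update bundle."""
    kept, rejected, keep = b"", [], False  # packets before any primary key are dropped
    for tag, body, raw in packets(bundle):
        if tag == 6:  # public-key packet: a primary key starts a new certificate
            keep = fingerprint(body) in trusted
            if not keep:
                rejected.append(fingerprint(body))
        if keep:
            kept += raw
    return kept, rejected

# Constructed sample: made-up key bodies (v4, time 0, algorithm 22), not real keys.
def sample_packet(tag, seed):
    return bytes([0xC0 | tag, 38]) + b"\x04\x00\x00\x00\x00\x16" + seed * 32
ARCHIVE_FPR = fingerprint(sample_packet(6, b"A")[2:])  # stands in for the key apt already trusts
BUNDLE = b"".join(sample_packet(t, s) for t, s in [(6, b"A"), (14, b"B"), (6, b"X"), (14, b"Y")])
```

Calling `filter_update(BUNDLE, {ARCHIVE_FPR})` keeps the first certificate with its new subkey packet and rejects the second, whose primary key was never trusted. GnuPG applies the same rule at import time with `--import-options merge-only`.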