On Wed, May 14, 2003 at 09:26:13AM +0200, Matthias Urlichs wrote: > Hi, Colin Watson wrote: > > I would strongly suggest that you use a write-only "incoming", and a > signature checker which moves packages to the download area if they're OK. > > That checker should do the following: > - start with the standard DD keyring, + an empty "uploaders" keyring > - loop forever_and_ever: > - is the package correctly signed? no => delete > - is the key which was used in one of the keyrings? yes => accept > + - get the key from one of the keyservers. Failure => delete > + - is the key signed by somebody who _is_ in the DD keyring? no => delete > + - add the key to the "uploaders" keyring > - accept the package. Perhaps instead of deleting packages that aren't signed by authenticated people, move these to a separate download area (one that isn't apt-getable perhaps). That way, people can still use this in an attempt to get sponsors without actually having a signature. (I didn't get my key signed until about I was well into the AM process.) -- Duncan Findlay
Attachment:
pgpmKb4hAZbi7.pgp
Description: PGP signature