Re: State of the debian keyring
On Tue, Feb 25, 2014 at 10:51:56AM -0800, Russ Allbery wrote:
> Gunnar Wolf <email@example.com> writes:
> > Ian Jackson dijo [Mon, Feb 24, 2014 at 05:57:57PM +0000]:
> >> I think this is a bug.
> >> It can increase security because it can make operations more
> >> convenient at the same level of security, and because people trade off
> >> convenience for security.
> >> For example, it would be possible to have one key for email encryption
> >> and a different (more secure) key for package uploads.
> For email signatures, don't quite a few more things care? All votes,
> db.debian.org operations, etc.
More relevantly an email signature isn't any different to a signature
for a package upload, so DDs would have to specify what the use for each
key was, keyring-maint would have to maintain appropriate keyrings
indicating what the expected use of a key was, and all the project
facilities that make use of signatures would have to make decisions
about which keyring they were using.
(Yes, for encryption that's a different situation but the only example I
can think of where the project uses encryption to a key in the keyring
at present is the initial account password / a password reset. And for
an encryption/signing split subkeys should be able to handle the desired
outcome, I think.)
Time is an illusion. Lunchtime doubly so.