Re: State of the debian keyring

To: Enrico Zini <enrico@enricozini.org>
Cc: debian-project@lists.debian.org, Francois Marier <francois@debian.org>
Subject: Re: State of the debian keyring
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 27 Feb 2014 12:32:10 +0000
Message-id: <21263.12362.656891.831329@chiark.greenend.org.uk>
In-reply-to: <20140225094715.GA27397@enricozini.org>
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org> <20140222234641.GA31478@roeckx.be> <20140223003506.GE30391@gwolf.org> <CAKTje6G5qiCLM3VFqh1i5c33g7B1rs60WmrJz0-7mYrsPmbwKA@mail.gmail.com> <20140223133005.GW27090@earth.li> <20140223144653.GB29141@mraw.org> <20140224192852.GA17673@enricozini.org> <legven$fop$1@posted-at.bofh.it> <87sir7lxae.fsf@windlord.stanford.edu> <20140225094715.GA27397@enricozini.org>

Enrico Zini writes ("Re: State of the debian keyring"):
> ...which reminds me of http://www.enricozini.org/2008/tips/audit-uploads/
> which was a prototype of creating an audit log of key usage in debian.
...
> This means hooking into any place where a signature verification or a
> decryption actually happens in Debian: I can think of uploads,
> db.debian.org, voting, keyring requests, RT tickets filed, emails
> received by lists or the BTS: are there more?

My (not-yet-deployed) dgit push receiver (to support, amongst other
things, dm uploads), which depends on tags signed by dm pgp keys.

ssh push to alioth.  (Sorry to add a very hairy yak to your plan.)

dget.

> So I can't just open vim and write the code: auditing key usage in
> package uploads requires someone who knows dak inside out, and can
> commit to maintaining notification triggers in all obscure corners where
> keys are used, now and in future updates of the ftp-master toolchain.
> Same goes for any other bit of Debian.

Perhaps we could provide a patched version of gpg[v] which phones home
to report the verification.

> The starting point for this work is probably this, then: is it just me,
> feeling that we have a problem here, or am I actually in the good
> company of people who can do their bit?

I think this would be nice, and having a partial audit would be better
than no audit.

Ian.

Reply to:

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: State of the debian keyring
  - From: Paul Wise <pabs@debian.org>
- Re: State of the debian keyring
  - From: Jonathan McDowell <noodles@earth.li>
- Re: State of the debian keyring
  - From: Cyril Brulebois <kibi@debian.org>
- Re: State of the debian keyring
  - From: Enrico Zini <enrico@enricozini.org>
- Re: State of the debian keyring
  - From: Marco d'Itri <md@Linux.IT>
- Re: State of the debian keyring
  - From: Russ Allbery <rra@debian.org>
- Re: State of the debian keyring
  - From: Enrico Zini <enrico@enricozini.org>

Prev by Date: Re: GR proposal: code of conduct
Next by Date: Re: State of the debian keyring
Previous by thread: Re: State of the debian keyring
Next by thread: Re: State of the debian keyring
Index(es):
- Date
- Thread