Re: Why are in-person meetings required for the debian keyring?
Christian Kastner <debian@kvr.at> writes:
> On 2015-02-12 21:11, Russ Allbery wrote:
>> Christian Kastner <debian@kvr.at> writes:
>> 
>>> And I maintain that those people cannot be trusted with unrestricted
>>> upload rights to the archive. That person-noone-has-ever-met but
>>> occasionally-prepares-and-uploads-packages could just be a well
>>> motivated person (or a group of people -- who knows?) hoping to
>>> eventually compromise a popular OS such as Debian, with zero risk of
>>> personal consequences, or criminal prosecution.
>> 
>> I think the point is that so could the person who showed up at DebConf.
>> Once you start postulating a sufficiently motivated attacker that they
>> would be willing to take the time to establish a contribution track record
>> and go through the NM process, showing up at DebConf with a forged ID is
>> not increasing the difficulty of the attack by very much, nor is it
>> increasing the risk by all that much.
>
> I of course agree with the first part, but I have to disagree with the
> last sentence: I think it does increase the risk for the attacker.
> Because even if the ID is fake, I still have seen a person, and a face,
> I could describe. I could point out that person to others at next
> DebConf.

I very much doubt that. During a typical keysigning party (at least
those that I've seen or attended), you look at tens of faces within just
a few minutes. Do you really think that you'd be able to recall and
describe a particular face several months (or years) later, given only a
name?

Best,
-Nikolaus
-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«