also sprach Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> [2006.07.26.1601 +0100]: > If you can get ftp-master to put the key in that place then I'm > willing to patch apt to use it for key updates with enough checking > and interactivity to make it save. I am much in disfavour of any method that automatically makes APT trust keys downloaded over the network. If the key came from media we distribute, this is fine, but there's just too much danger of MITM or DNS-poisoning attacks for automatic upgrades, unless we finally start using SSL. The way I envision key management is that every Debian machine trusts the SPI CA. Then we provide a page to download and verify keys, protected by SSL/TLS. Finally, we give the user easy-to-use tools to install these keys, and proper error messages from APT that will make it obvious what to do. I don't think it's asking too much of our users to manually declare trust for a new release. But we should definitely get rid of the one-year-long archive keys, which make no sense. Instead, have a key for etch, one for sid, one for etch+1, one for security, and so on. The user can then pick which ones s/he wants to trust. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system no micro$oft components were used in the creation or posting of this email. therefore, it is 100% virus free and does not use html by default (yuck!).
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)