Re: Secure APT Key Management
On Wed, Jul 26, 2006 at 05:06:27PM +0100, martin f krafft wrote:
> also sprach Marc Haber <mh+debian-release@zugschlus.de> [2006.07.26.1632 +0100]:
> > While we're at it, I am very much in favor that we start accepting
> > binary package signatures again. We were on the right way to assure
> > package integrity on a package level when our archive suddenly stopped
> > accepting signed binary packages.
>
> Where's the added benefit if our archive serves binaries with
> signatures? I am actually in favour of this, but I do remember that
> this was the question neuro threw back at me when I brought it up in
> Mexico.
It is much easier to verify package integrity since the signature is
directly on the binary package. It works for out-of-tree software, and
it helps just in case you are too paranoid to trust ftpmaster.
I remember that back in the days of the 2003 compromise, ftpmaster was
- as usual - less than cooperative towards the people who wanted to do
their own verification of archive integrity. For example, if I
remember correctly, the question whether the automatic archive signing
key was stored on one of the compromised boxes, was never clearly
answered.
secure apt has greatly improved things (with secure apt, one does not
any more need the changes files to verify the archive, IIRC), but I still
feel more comfortable if the more distributed model of binary packages
signed by the builder were supported again.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Reply to: