Re: Is packages build without verifying the source package signatures?
On Sun, Dec 03, 2017 at 11:40:31AM +0000, Holger Levsen wrote:
> On Sun, Dec 03, 2017 at 12:05:51PM +0100, Bastian Blank wrote:
> > > in practice, this also has obvious flaws.
> > Please elaborate.
> for a start: one only needs to compromise one machine instead of many...
It would still only need to compromise one machine: The one from where
the keys are handled and distributed.
> > > what's the technical reason
> > > the buildds are not checking the signatures?
> > Unavailability of the keys. Key may have been expired between upload
> > and build attempt.
> I'm not sure this is an advantage then... or rather: I'd rather see a
> requirement that keys used for signing are valid for at least another
> year after the upload.
Does not help. Also people prefer not to have keys lying around that
are valid for this much time.
Bastian
--
Love sometimes expresses itself in sacrifice.
-- Kirk, "Metamorphosis", stardate 3220.3
Reply to: