Bug#318630: Design TRUSTED support

[Julian Andres Klode <jak@debian.org>]

On Mi, 2010-06-02 at 11:26 +0200, Goswin von Brederlow wrote:
> Any objections to the proposed design for this feature?
> 
> - deb [key=0x1AB52325534,0x3475BDF478] ...
>   Only accept signatures by one of the listed fingerprints
Sounds good.

> 
> - deb [keyring=foobar.gpg] ...
>   Use foobar.gpg to verify the signatures and only foobar.gpg.
What kinds of file names are supported:
  a) absolute paths
  b) files relative to /usr/share/keyrings/

Do we want to do permission checks on those files (i.e. only accept
files not writeable by normal users)?

> 
> deb [trust=always|never] ....
>   Ignore the Release signature and just always or never trust the
>   source. "always" would be for file:// or sources on the local
>   network where you don't care if it is unsigned. "never" would be for
>   repositories you want to always be asked before they are used and
>   which should not replace packages from more trusted repositories.
Let's add trust=moo, which let's a cow ask you whether you trust this source...


BTW, Wasn't this all part of vendors.list sometime ago (I don't know
whether it was, it's not used anymore; and was not in use when I started
using Debian).

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.