
Bug#558784: Isn't this a security problem?



2010/6/23 Goswin von Brederlow <goswin-v-b@web.de>:
> That would complicate things when using
>
> deb [keyring=debian-lenny.gpg] http://ftp.debian.org/debian stable main
>
> The idea of specifying a specific keyring is so that one compromised key
> will not endanger all sources.list entries to attacks.

In theory you could support a list of keyrings in your trusted proposals
(which is fine for me btw) or as far as I know the recommended line currently is
to use the codename of the release instead of 'stable' so (maybe automatic)
actions like "apt-get upgrade" can not end in a "lenn-eze"…


> Since I'm quite opposed to non human readable conffiles: Why is the
> keyring a conffile? Why not have the packages keyring in
> /usr/lib/apt/trusted.gpg.d/ and user keyrings in
> /etc/apt/trusted.gpg.d/ or /usr/local/apt/trusted.gpg.d/? But I don't
> know how one would go about removing a key then.

The problem with /usr/lib/apt is that a file you delete or change will
appear unchanged again with the next upgrade of the package.
Something which seems to be disliked (in this bug report). ;)
A binary file isn't my favorite either, but besides that gpgv doesn't
support ascii-armored files it wouldn't change much anyway:
I (and many others too) can't read ascii-armored keys…
And if it really boils down to a "file exists or not" it is the same.

/etc also as it is a user decision which keyrings he might want to trust
(or not) and that doesn't always boil down to a complete keyring package.


Best regards,

David Kalnischkies


