Re: Crypto signing of packages
>We have either to live with the situation where anyone who can
>compromise any maintainer's key can get trojan code into our
>distribution, or we have to come up with a way of detecting and
>dealing with maintainer key compromise.
One thing you could do...
Certify a maintainer, and have him send you a between-you-two-only key that
he will use only for uploads. This key is sent via snail-mail, and signed
by hand. This should relatively secure that the key in question is one
only known by Debian and the Maintainer (a must for secure transition).
When a maintainer needs to upload, he sends a request to Debian, stating
the package he wants to upload. The Debian system then sends back a response
telling an instance of when the upload can take place, along with a
random keyword... encrypted with the Maintainer-Debian only key. The
maintainer can then upload his package, at the time given and with the one-time
only keyword, valid only for that particular package, time and maintainer.
Just my 25øre worth...
----------------------------------------------------------------------------
Ørn Einar Hansen oe.hansen@halmstad.mail.telia.com
oehansen@daimi.aau.dk
home+fax; +46 035 217194
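
The request / keyword / upload exchange proposed in this message, as an added example (not part of the original e-mail and not Debian's own tooling). All class and function names, the 60-second delay and the 10-minute window are assumptions, and the keyword is wrapped by XOR with an HMAC-SHA256 output as a standard-library stand-in for encrypting it under the shared key.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, salt: bytes, context: str) -> bytes:
    # Stand-in (assumption) for "encrypted with the Maintainer-Debian only key".
    return hmac.new(key, salt + context.encode(), hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class UploadServer:
    """Archive side: issues and redeems one-time upload keywords."""
    def __init__(self, shared_keys, delay=60, window=600):
        self.shared_keys = shared_keys      # maintainer -> key exchanged out of band
        self.delay, self.window = delay, window
        self.pending = {}                   # (maintainer, package) -> (keyword, start, end)

    def request(self, maintainer, package, now):
        key = self.shared_keys[maintainer]  # unknown maintainers raise KeyError
        keyword = secrets.token_bytes(32)   # random one-time keyword
        start = now + self.delay
        end = start + self.window
        self.pending[(maintainer, package)] = (keyword, start, end)
        salt = secrets.token_bytes(16)      # fresh per reply, so pads never repeat
        pad = _keystream(key, salt, f"{maintainer}|{package}|{start}")
        return {"start": start, "end": end, "salt": salt, "wrapped": _xor(keyword, pad)}

    def upload(self, maintainer, package, keyword, now):
        entry = self.pending.get((maintainer, package))
        if entry is None:
            return False                    # no request, or keyword already used
        expected, start, end = entry
        if not start <= now <= end:
            return False                    # outside the announced upload time
        if not hmac.compare_digest(expected, keyword):
            return False                    # wrong keyword, e.g. wrong shared key
        del self.pending[(maintainer, package)]   # one-time: burn on success
        return True

def unwrap(key, maintainer, package, reply):
    """Maintainer side: recover the keyword from the server's reply."""
    pad = _keystream(key, reply["salt"], f"{maintainer}|{package}|{reply['start']}")
    return _xor(reply["wrapped"], pad)
```

The keyword authorizes one upload slot for one package and maintainer; the exchange as described does not cover the package contents themselves.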