Re: Official Debian digital 'branding' of debs
Hi,

Yes, there is a weak point in _any_ public key scheme, and
that is the distribution and update of the ``trusted'' keys. By
leaving the choice up to the user, as is proposed below, we have the
following issues:

a) Unlike the new maintainer team, users have even less information
about the developers, and it may be that no significant set of
users shall ever have enough information to determine the trust
level of individual developer's keys.
b) We have not increased the security any, we have, though, increased
the cost of the solution, cause _all_ keys now have to be
ascertained in some manner.

Having a single key does indeed create a single point of
failure, but this is a known fact, and we can expend significant
effort to maintain the integrity of the single key (never put on a
networked computer, only used for signing the debian keyring, etc).

If we have a single key, and it is ever compromised, it shall
be major news, and people would be informed of the compromise a lot
easier. We then just distribute the new key, which may be signed by a
number of developers (lotsa phone calls to get that done).

The single key can be well publicised, printed in books on
Debian, on the web site, in people's signatures, in /usr/doc/*
area. Having a single key shall give us a means of distribution (by
wide publicity of the fingerprint) that would make tampering
extremely hard.

manoj
>>"Chris" == Chris Lawrence <quango@watervalley.net> writes:
Chris> I think when the issue has come up in the past, it's been a problem
Chris> with there being a single point of failure in the system (the "one,
Chris> true, Debian key"). Just because nobody's hacked RH's system to get
Chris> the key doesn't mean it won't happen...
Chris> OTOH, I can see a pgp/gnupg signature made, at the time of upload, by
Chris> developers; then you can decide which developers you trust (hopefully
Chris> all of us, but it's more fine-grained from your POV). I believe this
Chris> was recently discussed here (or maybe on policy)...
--
A Chicago salesman was about to check into a St. Louis hotel when he
noticed a very charming woman staring admiringly at him. He walked
over and spoke with her for a few minutes, then returned to the front
desk, where they checked in as Mr. and Mrs. After a very pleasurable
three-day stay, the man approached the front desk and told the clerk
he was checking out. In a few minutes, he was handed a bill for
$2500. "There must be some mistake," the salesman said. "I've been
here for only three days." "Yes, sir," the clerk replied. "But your
wife has been here a month and a half."
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E