In article <19990624042828.A9338@ormond.unimelb.edu.au> you write:
>> 2. I would also get the maintainer/uploader to sign the [md5sums] file using
>> PGP/GPG...
>
> Ideally - yes. Practically - no.

Why would it be impractical?

Of course, something like this wouldn't occur overnight, but you could have every new package contain a signed md5sum file, say from now, possibly making some packages higher priority than others (eg essential packages), and the packages that don't yet contain this new feature - well that is no worse off than it currently is now...

As I said before, signing the md5sums file has the advantage (IMHO) that you can securely check all non-config files on a system for any tampering. Of course somebody could tamper with your copy of PGP to produce false positives, but if that is really important, you can easily boot up from a known good floppy with a good copy of PGP, md5sum, and Debian signatures.

In short - I think it would be worth it.

Maybe this could be done as well as automatically signing the entire package by the FTP site when it is uploaded - the maintainer's signature says - yes, no one has tampered with any files in/from this package since I uploaded it, and the debian signature says - yes, this is a valid Debian package.

If this was to be used, I would suggest changing the debian signature with every release (eg potato) so that a particular package is "endorsed" to be valid for a particular release. Furthermore, if the private key for any early release gets compromised, it doesn't have such a significant impact.

-- 
Brian May <bam@snoopy.apana.org.au>
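The check the message proposes, as an added example that is not part of the original post or of any Debian tool: the package's md5sums file is only trusted once its detached PGP signature verifies against a release-specific keyring (the `gpg` command line, the keyring path and the `frob` package contents are assumptions for illustration), and then every listed file is hashed and classified as intact, modified or missing.

```python
"""Gate a Debian-style md5sums file on its detached signature, then look for
tampered files. Added example; not code from the quoted email or from Debian."""
import hashlib
import subprocess
from typing import Callable, Dict, List, Optional


def parse_md5sums(text: str) -> Dict[str, str]:
    """Parse '<32 hex md5>  <relative path>' lines into {path: digest}."""
    entries: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        digest = digest.lower()
        if not sep or len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed md5sums line {lineno}: {line!r}")
        entries[path] = digest
    return entries


def signature_is_valid(md5sums_path: str, sig_path: str, keyring: str) -> bool:
    """Assumption: gpg is installed and `keyring` holds the keys endorsed for
    this release (one keyring per release, as the email suggests)."""
    result = subprocess.run(
        ["gpg", "--no-default-keyring", "--keyring", keyring, "--verify", sig_path, md5sums_path],
        capture_output=True,
    )
    return result.returncode == 0


def check_files(entries: Dict[str, str], read_file: Callable[[str], Optional[bytes]]) -> Dict[str, List[str]]:
    """Hash each listed file; read_file returns the bytes or None if absent."""
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": []}
    for path, expected in sorted(entries.items()):
        data = read_file(path)
        if data is None:
            report["missing"].append(path)
        elif hashlib.md5(data).hexdigest() == expected:
            report["ok"].append(path)
        else:
            report["modified"].append(path)
    return report


# Constructed sample: a hypothetical two-file package as shipped ...
SHIPPED = {"usr/bin/frob": b"#!/bin/sh\necho frob\n", "usr/share/doc/frob/README": b"frob docs\n"}
SAMPLE_MD5SUMS = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in SHIPPED.items())
# ... and the same package on a system where one file was altered and one deleted.
ON_DISK = {"usr/bin/frob": b"#!/bin/sh\necho frob-altered\n"}

if __name__ == "__main__":
    # Real use would first require signature_is_valid("md5sums", "md5sums.sig", "potato.gpg").
    print(check_files(parse_md5sums(SAMPLE_MD5SUMS), ON_DISK.get))
```

A booted-from-floppy check, as the email describes, is the same flow with `read_file` pointed at the mounted root and the keyring taken from the floppy rather than the possibly compromised system.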