The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.


Re: RFC: Proposal for signed packages



nn201@cus.cam.ac.uk (Nikhil Nair)  wrote on 14.02.97 in <Pine.LNX.3.95.970214215503.11851A-100000@amasis.trin.cam.ac.uk>:

> On 12 Feb 1997, Christian Leutloff wrote:
>
> > Enrique Zanardi <ezanardi@molec1.dfis.ull.es> writes:
> >
> > > - One Debian developer should be chosen to sign with that key every
> > > new release of a package. (Perhaps Guy Maor, via his dinstall script?).
> >
> > this requires an automated procedure. Guy can't check all packages
> > manually. So it's possible to get a trojan signed by Guy or the
> > Debian project. It's really bad for debian to officially sign a
> > trojan!! So it's better to get all packages signed by persons
> > individually. In the cases where it isn't possible there can be
> > someone signing for another developer.
> >
> > Please, don't do (mostly) automated signing!!
>
> I have to second this.  I've never claimed to be an expert on security,

*If* some sort of automated signing will be done (note I don't say this is  
either a good or a bad idea), then the key should indicate just what it is  
that is asserted.

A possible userid to demonstrate this idea would be

    "Debian Installer: *.changes matched key in developer keyring."

but most definitely *not*

    "Debian Project <debian@debian.org>"

> but even I can see a few potentially serious pitfalls here.  For one
> thing, if there's to be an official Debian secret key, it *must* be kept
> securely - which probably means it can't be on Master or any other
> multi-user system.

This is probably true. I think the original design (was it by Ian?)  
included something like a machine reachable only by a serial cable, and  
not running a login on that port, but instead a specialized program that  
just did verification and signing, or something similar to this.

Of course, there's the option of requiring someone to actually be online  
for the signing and provide his/her passphrase interactively, but I  
suspect we're way too large for this to work.


Regards, Kai
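As an added illustration of the narrow userid proposed above (example code, not from the thread or from Debian's own tooling): an automated installer key that countersigns a .changes file only after the developer's signature matches an entry in the developer keyring, and whose signature therefore asserts exactly that match and nothing about the package contents. The InstallerKey type, the keyring-as-map, Ed25519 and the sample .changes text are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// InstallerUserID states the only thing the automated signature asserts: a developer-keyring match.
const InstallerUserID = "Debian Installer: *.changes matched key in developer keyring."

// InstallerKey is the hypothetical automated (dinstall-style) signing key.
type InstallerKey struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewInstallerKey() (*InstallerKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &InstallerKey{Pub: pub, priv: priv}, nil
}

// AutoSign countersigns a .changes file only after the developer's own signature
// verifies against a keyring entry (key ID -> public key); it never inspects contents.
func (k *InstallerKey) AutoSign(ring map[string]ed25519.PublicKey, devID string, changes, devSig []byte) ([]byte, error) {
	if pub, ok := ring[devID]; !ok || !ed25519.Verify(pub, changes, devSig) {
		return nil, errors.New("no developer keyring match: refusing to sign")
	}
	return ed25519.Sign(k.priv, changes), nil
}

// VerifyInstaller is the consumer side: a valid signature yields the key's assertion ("keyring match", not "the project vouches for this").
func VerifyInstaller(pub ed25519.PublicKey, changes, sig []byte) (string, error) {
	if !ed25519.Verify(pub, changes, sig) {
		return "", errors.New("installer signature does not verify")
	}
	return InstallerUserID, nil
}

func main() {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed developer key
	inst, _ := NewInstallerKey()
	changes := []byte("Source: hello\nVersion: 1.3-1\n") // constructed .changes body
	sig, err := inst.AutoSign(map[string]ed25519.PublicKey{"dev1": devPub}, "dev1", changes, ed25519.Sign(devPriv, changes))
	fmt.Println(err, sig != nil)
}
```

A trojaned upload signed by a real developer key still gets countersigned here, which is precisely the limit the userid wording makes visible to anyone checking the signature.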


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com