[Catalog-sig] [Draft] Package signing and verification process

Lennart Regebro regebro at gmail.com
Wed Feb 6 20:00:58 CET 2013


On Wed, Feb 6, 2013 at 6:20 PM, Zygmunt Krynicki
<zygmunt.krynicki at canonical.com> wrote:
> You would first download django (either signed or not) and get
> prompted if you want to trust the signer for that project (or if the
> file was not signed, to trust this particular file for django in the
> future).

Getting a lot of questions that you have no choice but to answer "yes" to
is not really an increase in security.
This doesn't in practice increase security against people writing
"bad" software in one sense or another. It does increase the security
against man-in-the-middle attacks, but we can get that without having
to answer yes for every package we download. (have you any idea how many
packages are in Plone? ;-)) The warnings that signatures and keys have
changed would be enough for that.

> I realize this interface is not perfect

Nothing is perfect! :-)

> but it solves practically all of the current issues.
> Most importantly it can be applied to all
> existing software today, so we get the benefits without asking
> everyone to fix their story.

I don't see how it solves the current issues unless everyone signs
their packages, which is asking people to fix their story.

//Lennart


More information about the Catalog-SIG mailing list