On Wed, Apr 02, 2014 at 11:01:38PM +0400, Evgeny Kapun wrote:
> 02.04.2014 07:45, Jonathan McDowell wrote:
> > I don't actually think it's appropriate that this key lives in the
> > debian-role-keys keyring (and in general I think that keyring needs
> > to go away). The key should be present on the public keyserver
> > network; keyring.debian.org does not attempt to provide general
> > keyserver functionality and doesn't serve up the role keys anyway.
> 
> The public keyserver network doesn't help in verifying key authenticity.
> Anyone can create a key with the same name as yours and put it on the
> public keyserver network. Having a key in the debian-keyring package helps
> users in establishing its legitimacy.

Public keyservers aren't expected to provide verification of key
authenticity. The signatures on the keys themselves do that. The Debian
Live CD key is signed by Daniel, whose key is then signed by many other
DDs (and present in the debian-keyring package). If we pushed the Live
CD role key to the debian-keyring package we're still assuming the user
has access to a Debian box to install it and then also has a proper
trust path (presumably via the shasums on the APT package lists and then
the Debian archive signing key for those package lists) to that package.
If they're not using a Debian box to write the live CD then none of
these pieces help.

In short, putting the Live CD key in the debian-keyring package doesn't
demonstrably solve the problem of verifying a Live CD, as far as I can tell.

J.

-- 
/-\                             |       I don't sleep, I dream.
|@/  Debian GNU/Linux Developer |
\-                              |

Attachment: signature.asc
Description: Digital signature
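The point Jonathan makes above (a keyserver only distributes keys; what establishes authenticity is the chain of certifications leading back to keys you already trust) can be shown with a small trust-path search. The following is an added example, not code from Debian or from either poster; the fingerprints, user IDs and certification edges are constructed placeholders, and the set of "trusted roots" stands in for the keys a user already holds from the debian-keyring package.

```python
"""Toy OpenPGP web-of-trust path check (added example, not Debian code).

Models the situation in the thread: two keys on a keyserver carry the same
name ("Debian Live Signing Key"); the genuine one is certified by Daniel,
whose key is certified by other DDs the user already trusts; the impostor
is only self-signed. Names alone cannot tell them apart; a certification
path from a trusted root can.
"""
from collections import deque

# Constructed key set: fingerprint -> {"uid": ..., "certifiers": [...]}.
# "certifiers" lists fingerprints of keys that signed (certified) this key.
KEYS = {
    "FPR-DD-ALICE": {"uid": "Alice <alice@example.org>",
                     "certifiers": ["FPR-DD-BOB"]},
    "FPR-DD-BOB": {"uid": "Bob <bob@example.org>",
                   "certifiers": ["FPR-DD-ALICE"]},
    # Daniel's key is certified by several DDs (placeholder fingerprints).
    "FPR-DANIEL": {"uid": "Daniel <daniel@example.org>",
                   "certifiers": ["FPR-DD-ALICE", "FPR-DD-BOB"]},
    # The genuine role key is certified by Daniel only.
    "FPR-LIVE-GENUINE": {"uid": "Debian Live Signing Key",
                         "certifiers": ["FPR-DANIEL"]},
    # An impostor uploaded with the same name; it carries only a self-signature.
    "FPR-LIVE-IMPOSTOR": {"uid": "Debian Live Signing Key",
                          "certifiers": ["FPR-LIVE-IMPOSTOR"]},
}

# Keys the user already trusts (stand-in for the debian-keyring package).
TRUSTED_ROOTS = {"FPR-DD-ALICE", "FPR-DD-BOB"}


def find_trust_path(keys, roots, target, max_depth=5):
    """Return a list of fingerprints [root, ..., target] along certification
    edges, using at most `max_depth` certification steps, or None if no such
    path exists.  A key's signature on itself never counts as trust."""
    if target in roots:
        return [target]
    # Breadth-first search backwards from the target along "certifiers".
    queue = deque([(target, [target])])
    seen = {target}
    while queue:
        fpr, path = queue.popleft()
        if len(path) > max_depth:
            continue  # path would exceed the allowed number of steps
        for certifier in keys.get(fpr, {}).get("certifiers", []):
            if certifier == fpr or certifier in seen:
                continue  # ignore self-signatures and already-visited keys
            new_path = [certifier] + path
            if certifier in roots:
                return new_path
            seen.add(certifier)
            queue.append((certifier, new_path))
    return None


def trusted_keys_for_uid(keys, roots, uid):
    """Fingerprints carrying `uid` that have a trust path from `roots`.
    A keyserver lookup by name may return several keys; only these count."""
    return sorted(fpr for fpr, key in keys.items()
                  if key["uid"] == uid
                  and find_trust_path(keys, roots, fpr) is not None)


if __name__ == "__main__":
    name = "Debian Live Signing Key"
    for fpr, key in KEYS.items():
        if key["uid"] == name:
            print(fpr, "->", find_trust_path(KEYS, TRUSTED_ROOTS, fpr))
    print("usable keys for", repr(name), ":",
          trusted_keys_for_uid(KEYS, TRUSTED_ROOTS, name))
```

Run as a script it prints a certification path for the genuine key and `None` for the impostor, so a lookup by name yields exactly one usable key. With an empty set of trusted roots (a user on a non-Debian box with no keyring) no path exists for either key, which is the gap the message above describes.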