On Tue, 2003-12-02 at 07:00, Andreas Barth wrote:
> * John Goerzen ([EMAIL PROTECTED]) [031201 17:40]:
> > Even if the attacker could place a new keyring file in the archive,
> > people verifying signatures on signed .debs would not install it, since
> > it would not have the signature of a developer.
>
> And to be honest: If all debs are signed, and it is easily possible, I
> would restrict accepted signatures at my private machine for the
> keyring package to James - and let me send a mail if there is a
> keyring package signed by any other DD. So, the real danger would be
> if James' key is stolen.

Would it be possible && increase security for debian-keyring maintainer to have a separate, non-network-connected box with which to sign any new keyring packages (and transfers of the package, for signing, happening by floppy/CD/etc.)? Would that give us long-term certainty that some unknown/yet-to-be-discovered root exploit has compromised our community without us knowing?

ta
zen

--
Debian Enterprise: A Custom Debian Distribution: http://debian-enterprise.org/
* Homepage: http://soulsound.net/
* PGP Key: http://soulsound.net/zen.asc
* Please respect the confidentiality of this email as sensibly warranted.