On Wed, Mar 30, 2011 at 12:16:00PM +0200, Philipp Kern wrote:
> On Wed, Mar 30, 2011 at 11:55:39AM +0200, Bastian Blank wrote:
> > Why do you want one keyring per arch? What problem are you trying to
> > solve with this?
> I think it's called principle of least privilege.  Of course we could also let
> all buildd admins add arbitrary keys for any architecture and hope that it
> isn't abused, given that you're able to upload from anywhere in the world
> using the key.

They still can use their personal keys to do the uploads, so I don't
really see the difference.

> (But then everyone who adds keys for his machines at home will just get his
> privileges revoked anyway.  Question is if harm is done at that point 
> already.)

And it would be acceptable if a person in the wbadm group would do the
same?

This keyring adds new keys with a subset of permissions of the personal
key of the requestor. It still can be traced properly to the "owner". So
what harm should be done?[1]

Bastian

[1] Personally I have signing subkeys. This is a similar concept.
-- 
Behind every great man, there is a woman -- urging him on.
                -- Harry Mudd, "I, Mudd", stardate 4513.3

