On Sun, 2014-06-22 at 15:49 +0200, Christoph Anton Mitterer wrote:
> On Sun, 2014-06-22 at 14:21 +1000, Russell Stuart wrote:
> > Sure, but you are no longer discussing a PKI system here. If you are
> > going to abandon X.509 PKI
> Well first of all,... PKI is just "public key infrastructure" and not
> necessarily means X.509.

Correct. That's why I referred to it as X.509 PKI and not just X.509.

> Well first, AFAIK, there are no mirrors for the BTS... and then
> securing something like BTS with OpenPGP is quite difficult.

There is a straightforward solution to handling BTS messages. You just DKIM sign them with an appropriate key when they are received.

> Given that these services are used more and more for development, I
> think it's more and more important to secure them as far as possible.

90% of what you want could be achieved with a working version of Certificate Patrol. Ship it as a standard part of iceweasel, preconfigured with a few certs and enabled by default. The nice thing about getting Certificate Patrol working is it helps everyone - not just Debian.