]] Russ Allbery

> Christian Kastner <deb...@kvr.at> writes:
>
> > And I maintain that those people cannot be trusted with unrestricted
> > upload rights to the archive. That person-noone-has-ever-met but
> > occasionally-prepares-and-uploads-packages could just be a well
> > motivated person (or a group of people -- who knows?) hoping to
> > eventually compromise a popular OS such as Debian, with zero risk of
> > personal consequences, or criminal prosecution.
>
> I think the point is that so could the person who showed up at DebConf.
> Once you start postulating a sufficiently motivated attacker that they
> would be willing to take the time to establish a contribution track record
> and go through the NM process, showing up at DebConf with a forged ID is
> not increasing the difficulty of the attack by very much, nor is it
> increasing the risk by all that much.
And, some of us don't check ID for all keysignings. If you are acting as if you're $person for years and appear to be that person when I interact with you (and talk about stuff we've worked on or whatever), I'm quite likely to sign your key based on that: I would have verified your identity against who you claim to be in Debian.

There are certainly possible attacks here, but do we realistically think we're going to protect ourselves against a competent attacker willing to put 3-6-12 months of full-time effort into becoming a DD and getting access? I don't think we do, and if we did, we'd have no volunteers able to get past the threshold.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Archive: https://lists.debian.org/87mw4i6l64....@xoog.err.no