On Wed, Oct 7, 2015, at 10:09, Mark H Weaver wrote:
> l...@gnu.org (Ludovic Courtès) writes:
>
> > Most of the time the authentication model is trust-on-first-download:
> > The packager fetches upstream’s public key when they first download a
> > tarball (so this particular phase is subject to MiTM), and subsequent
> > downloads are checked against the key that’s already in the packager’s
> > keyring.
>
> Right, and every time the package is updated, that's another opportunity
> for a MiTM attack. My proposal would fix that problem. It would also
> allow MiTM attacks to be detected later, because the bad key would be
> recorded in our git repository for all to see.
I have been wondering about this issue as I created packages, and I share Mark's concern. The current system relies on packagers to get it right for every update.
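One way a packager could script the pinned-key check discussed above, so that an update is accepted only if the tarball is signed by the fingerprint already recorded in the repository rather than by whatever key happens to be in the local keyring. This is an added example, not code from this thread or from Guix; it assumes gpg's `--status-fd` output, whose `VALIDSIG` line carries the signing key's fingerprint, and the function and file names are my own.

```shell
#!/bin/sh
# Pinned-fingerprint verification on top of gpg's machine-readable status
# output. On success gpg emits a line of the form:
#   [GNUPG:] VALIDSIG <40-hex-fingerprint> <date> <timestamp> ...
# We accept the download only if that fingerprint equals the one recorded
# in version control, so a key substituted during a later download is
# rejected instead of silently trusted.

# check_status PINNED_FPR STATUS_FILE
# 0: valid signature by the pinned key; 1: valid signature by another key;
# 2: no valid signature at all.
check_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    status_file=$2
    got=$(awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }' "$status_file")
    if [ -z "$got" ]; then
        echo "no valid signature found" >&2
        return 2
    fi
    if [ "$got" != "$pinned" ]; then
        echo "signed by unexpected key $got (pinned: $pinned)" >&2
        return 1
    fi
    return 0
}

# verify_tarball PINNED_FPR TARBALL SIGNATURE
# Runs gpg and applies check_status to its status lines.
verify_tarball() {
    pinned=$1; tarball=$2; sig=$3
    status=$(mktemp)
    # gpg's exit code alone does not say *which* key signed; keep the status lines.
    gpg --batch --status-fd 1 --verify "$sig" "$tarball" > "$status" 2>/dev/null || :
    check_status "$pinned" "$status"
    rc=$?
    rm -f "$status"
    return $rc
}
```

The pinned fingerprint would live alongside the package definition in git, which is what makes a substituted key visible in history.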