Re: Secure APT Key Management

2006-09-07 Thread Goswin von Brederlow
Andreas Barth <[EMAIL PROTECTED]> writes: > * Goswin von Brederlow ([EMAIL PROTECTED]) [060906 13:52]: >> Martin Schulze <[EMAIL PROTECTED]> writes: >> >> > Andreas Barth wrote: >> >> Hi, >> >> >> >> I try to summarize the results of the discussion from start of August, >> >> in hope that we can

Re: Secure APT Key Management

2006-09-06 Thread Andreas Barth
* Goswin von Brederlow ([EMAIL PROTECTED]) [060906 13:52]: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > Andreas Barth wrote: > >> Hi, > >> > >> I try to summarize the results of the discussion from start of August, > >> in hope that we can finish this off, and test-run this first for the >

Re: Secure APT Key Management

2006-09-06 Thread Goswin von Brederlow
Martin Schulze <[EMAIL PROTECTED]> writes: > Andreas Barth wrote: >> Hi, >> >> I try to summarize the results of the discussion from start of August, >> in hope that we can finish this off, and test-run this first for the >> next stable point release. From the security team, some input on their >

Re: Secure APT Key Management

2006-09-05 Thread Martin Schulze
Andreas Barth wrote: > Hi, > > I try to summarize the results of the discussion from start of August, > in hope that we can finish this off, and test-run this first for the > next stable point release. From the security team, some input on their > preference would be welcome. > > > The idea is t

Secure APT Key Management

2006-09-05 Thread Andreas Barth
Hi, I try to summarize the results of the discussion from start of August, in hope that we can finish this off, and test-run this first for the next stable point release. From the security team, some input on their preference would be welcome. The idea is to have different keys: - One standard o

Re: Summary: Secure APT Key Management

2006-08-03 Thread Andreas Barth
* Anthony Towns (aj@azure.humbug.org.au) [060730 15:10]: > On Sun, Jul 30, 2006 at 12:56:26PM +0200, Martin Schulze wrote: > > Florian Weimer stated[4] that the only approach known to work is > > static keys for stable releases and stable security updates. > > For stable updates, an off-site key w

Re: Summary: Secure APT Key Management

2006-07-31 Thread Goswin von Brederlow
Anthony Towns writes: > Joey: Thanks for the Bcc. > > On Sun, Jul 30, 2006 at 12:56:26PM +0200, Martin Schulze wrote: >> 5. http://lists.debian.org/debian-release/2006/07/msg00202.html >> Raphaël Hertzog suggested[2] to use two signatures, one from a yearly >> key and one from a stable release k

Re: Summary: Secure APT Key Management

2006-07-30 Thread martin f krafft
also sprach Anthony Towns [2006.07.30.1408 +0100]: > On Sun, Jul 30, 2006 at 12:56:26PM +0200, Martin Schulze wrote: > > The way he envisions key management is that every Debian machine > > trusts the SPI CA. Debian should provide a webpage for downloading > > and verifying keys, protected by SSL

Re: Summary: Secure APT Key Management

2006-07-30 Thread Anthony Towns
Joey: Thanks for the Bcc. On Sun, Jul 30, 2006 at 12:56:26PM +0200, Martin Schulze wrote: > The way he envisions key management is that every Debian machine > trusts the SPI CA. Debian should provide a webpage for downloading > and verifying keys, protected by SSL/TLS. The use would require I t

Summary: Secure APT Key Management

2006-07-30 Thread Martin Schulze
Last week I started a discussion[1] to find out the current status of key management in Secure APT which is a release goal for etch and said to be included in the next release of Debian. I don't find the situation terribly promising, though, but here's a summary, so we may come to a solution some

Re: Secure APT Key Management

2006-07-28 Thread Goswin von Brederlow
Raphael Hertzog <[EMAIL PROTECTED]> writes: > On Wed, 26 Jul 2006, Florian Weimer wrote: >> * Martin Schulze: >> >> > I'd really love to see this feature properly implemented. >> >> The only approach which is known to work is static keys for stable >> releases and stable security updates. The k

Re: Secure APT Key Management

2006-07-27 Thread Martin Schulze
Raphael Hertzog wrote: > > > I'd really love to see this feature properly implemented. > > > > The only approach which is known to work is static keys for stable > > releases and stable security updates. The keys can be stored off-line > > or on-line, at the discretion of the respective teams. >

Re: Secure APT Key Management

2006-07-27 Thread Raphael Hertzog
On Wed, 26 Jul 2006, Florian Weimer wrote: > * Martin Schulze: > > > I'd really love to see this feature properly implemented. > > The only approach which is known to work is static keys for stable > releases and stable security updates. The keys can be stored off-line > or on-line, at the discr

Re: Secure APT Key Management

2006-07-27 Thread Frans Pop
On Thursday 27 July 2006 14:13, Goswin von Brederlow wrote: > And the planned date for that is? From "bits from the release team", 02/05/06 22:36: N-45 = Wed 18 Oct 06: general freeze [about 2 months after base freeze, d-i RC] N = Mon 4 Dec 06: release [1.5 months fo

Re: Secure APT Key Management

2006-07-27 Thread Goswin von Brederlow
Joey Hess <[EMAIL PROTECTED]> writes: > Florian Weimer wrote: >> From a release engineering view, the last possible date at which APT >> key material can be included in d-i would be interesting, I guess. > > Last chance for that is the final build of d-i initrds. > > -- > see shy jo And the plan

Re: Secure APT Key Management

2006-07-27 Thread Goswin von Brederlow
martin f krafft <[EMAIL PROTECTED]> writes: > also sprach Goswin von Brederlow <[EMAIL PROTECTED]> [2006.07.26.1601 +0100]: >> If you can get ftp-master to put the key in that place then I'm >> willing to patch apt to use it for key updates with enough checking >> and interactivity to make it safe

Re: Secure APT Key Management

2006-07-26 Thread Joey Hess
Florian Weimer wrote: > From a release engineering view, the last possible date at which APT > key material can be included in d-i would be interesting, I guess. Last chance for that is the final build of d-i initrds. -- see shy jo

Re: Secure APT Key Management

2006-07-26 Thread Florian Weimer
* Martin Schulze: > I'd really love to see this feature properly implemented. The only approach which is known to work is static keys for stable releases and stable security updates. The keys can be stored off-line or on-line, at the discretion of the respective teams. So far, we have botched a

Re: Secure APT Key Management

2006-07-26 Thread Andreas Barth
* martin f krafft ([EMAIL PROTECTED]) [060726 18:07]: > also sprach Marc Haber <[EMAIL PROTECTED]> [2006.07.26.1632 +0100]: > > While we're at it, I am very much in favor that we start accepting > > binary package signatures again. We were on the right way to assure > > package integrity on a packa

Re: Secure APT Key Management

2006-07-26 Thread martin f krafft
also sprach Thijs Kinkhorst <[EMAIL PROTECTED]> [2006.07.26.1711 +0100]: > Feel free to start a separate discussion about it though if you feel > that's useful. (on another mailing list) -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <[EMAIL PROTE

Re: Secure APT Key Management

2006-07-26 Thread Marc Haber
On Wed, Jul 26, 2006 at 05:06:27PM +0100, martin f krafft wrote: > also sprach Marc Haber <[EMAIL PROTECTED]> [2006.07.26.1632 +0100]: > > While we're at it, I am very much in favor that we start accepting > > binary package signatures again. We were on the right way to assure > > package integrity

Re: Secure APT Key Management

2006-07-26 Thread Thijs Kinkhorst
On Wed, 2006-07-26 at 17:32 +0200, Marc Haber wrote: > While we're at it, Please don't - this issue is clearly a separate one from the APT Key Management problem, and is not and has never been a release goal. I've got no opinion on binary package signatures, but I do know that there's no dependenc

Re: Secure APT Key Management

2006-07-26 Thread martin f krafft
also sprach Marc Haber <[EMAIL PROTECTED]> [2006.07.26.1632 +0100]: > While we're at it, I am very much in favor that we start accepting > binary package signatures again. We were on the right way to assure > package integrity on a package level when our archive suddenly stopped > accepting signed

Re: Secure APT Key Management

2006-07-26 Thread Marc Haber
On Wed, Jul 26, 2006 at 04:22:12PM +0100, martin f krafft wrote: > The way I envision key management is that every Debian machine > trusts the SPI CA. Then we provide a page to download and verify > keys, protected by SSL/TLS. Finally, we give the user easy-to-use > tools to install these keys, and

Re: Secure APT Key Management

2006-07-26 Thread martin f krafft
also sprach Goswin von Brederlow <[EMAIL PROTECTED]> [2006.07.26.1601 +0100]: > If you can get ftp-master to put the key in that place then I'm > willing to patch apt to use it for key updates with enough checking > and interactivity to make it safe. I am much in disfavour of any method that autom

Re: Secure APT Key Management

2006-07-26 Thread Goswin von Brederlow
Martin Schulze <[EMAIL PROTECTED]> writes: > According to the last release update the key management issue for > Secure APT is not yet resolved. > > Are there chances to get key management settled down before the > release? It would really be a shame if we couldn't get this done and > provide the

Secure APT Key Management

2006-07-26 Thread Martin Schulze
According to the last release update the key management issue for Secure APT is not yet resolved. Are there chances to get key management settled down before the release? It would really be a shame if we couldn't get this done and provide the user with a proper infrastructure. This requires coll