Bojan Smojver <bojan(a)rexursive.com> writes:
For instance, an attacker being in the position of injecting a bad
package and signing it with Fedora key would still get nowhere, as he'd
need to convince other signatories to sign those packages before them
being any threat to Fedora users. Before signing, signatories could
require that original contributor that built the package for a
particular tag sends a signed e-mail (containing that tag and package
checksums - valid only once) to the signatories, therefore requiring yet
another compromised private key in order to perform an attack.
Yup, packagers are going to do that, sure...
Most of us are overworked already. We aren't going to jump through any
hoops for third-party signatories.
regards, tom lane