Secrecy and user trust
Bill Davidsen
davidsen at tmr.com
Fri Sep 5 13:59:26 UTC 2008
Jeff Spaleta wrote:
> If you want to be security paranoid concerning the validity of the new
> key when it becomes available.. go right ahead.. be paranoid about it.
> But if you need 3rd parties to sign off on the key before you use it,
> then you should already have been talking to 3rd parties about doing
> it for the last Fedora key. Talk to the 3rd parties.. get them to
> agree to sign the new key and put the detached signatures somewhere
> public.
>
This is a (hopefully) one-time problem, and therefore it probably
doesn't need a perfect, automated, runs-by-itelf solution. And my
assumption has been that some people at other repositories do personally
know and interact with official people in the Fedora project, and that
there is an out-of-band way to pass information to the people at some
other repository. Given the nature of the problem, that could mean
carrying a CD a hundred miles to meet with someone who is personally
known to you from a presentation, etc, etc. It need not be pretty, let's
assume that this is a one-time problem.
The the other repository creates an RPM, containing not the key, but the
RPM created by Fedora, signed appropriately, which in turn contains the
new key, and distributes an RPM which installs an RPM, which rpm (the
program) now knows how to handle. So instead of signing a key, they
create and sign an RPM which itself contains an RPM, which can be
manually installed by the cautious.
Does that satisfy the technical issues you raised? It's what I had in
mind initially, when I proposed a secure means of distributing the
information. I know it's ugly, but it's a one night stand.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users
mailing list