On 28.04.2010 19:18, Denis A. Altoé Falqueto wrote:
> I was thinking about this problem for some time and the more complex
> part is the key distribution and trusting. Now I maybe came to
> something useful.

Finally, someone realizes that. The distribution and trusting of keys is in fact the most difficult problem we are faced with.

> I'm thinking about a two-way signing process. The dev signs the
> package and sends it to the server. The server would have a script or a
> cron job to verify if the signature is valid and is from someone
> trusted [1]. If so, the original signature is discarded and a new one
> is made, with an official Arch key.

Unacceptable. Servers get compromised way too easily (it happened in the past, and it may happen again). We'd have to store the key without a passphrase on that server for this to work. I'll never support such an approach.

We must have a system that allows pacman to automatically verify new developer keys and revoke old ones ... even more important, revoke them in a way that signatures made before a certain date are still accepted, but newer ones aren't. I don't see this easily being implemented with PGP keys, but maybe someone else knows more.
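The date-bounded revocation the reply asks for (a revoked developer key still validates signatures made before the revocation date, but not newer ones) can be expressed as a small verification policy. The following is an added illustration, not code from the thread, from pacman or from any Arch tooling. It uses an HMAC as a constructed stand-in for the real OpenPGP signature so that it runs offline; the key store layout (`KeyRecord`, `valid_from`, `revoked_at`), the `Signature` record and the function names are all assumptions made for this example.

```python
"""Date-bounded key revocation for package signatures (added example).

The cryptographic primitive here is an HMAC stand-in, not OpenPGP; the point
is the key-lifecycle policy around it: a signature is accepted only if its
signing time falls inside the window in which the key was trusted.
"""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass
class KeyRecord:
    """One trusted developer key and the window in which it was trusted."""
    key_id: str
    secret: bytes                      # stand-in for the key material (constructed)
    valid_from: datetime               # when the key was accepted into the keyring
    revoked_at: Optional[datetime] = None   # None means the key is still trusted


@dataclass
class Signature:
    key_id: str
    signed_at: datetime                # bound into the signed data, see _message_to_sign
    mac: bytes


def _message_to_sign(payload: bytes, signed_at: datetime) -> bytes:
    # The signing time is part of the signed bytes, so nobody can take an
    # existing signature and relabel it with an earlier date. Note the caveat:
    # whoever holds the key itself can still sign with a back-dated timestamp,
    # so the revocation cut-off must be set no later than the suspected
    # compromise time, not at the moment the compromise was noticed.
    return signed_at.isoformat().encode() + b"\n" + payload


def sign(key: KeyRecord, payload: bytes, signed_at: datetime) -> Signature:
    mac = hmac.new(key.secret, _message_to_sign(payload, signed_at), hashlib.sha256).digest()
    return Signature(key.key_id, signed_at, mac)


def verify(keyring: Dict[str, KeyRecord], payload: bytes, sig: Signature) -> Tuple[bool, str]:
    """Return (accepted, reason). Crypto check first, then the trust-window policy."""
    key = keyring.get(sig.key_id)
    if key is None:
        return False, "unknown key"
    expected = hmac.new(key.secret, _message_to_sign(payload, sig.signed_at), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig.mac):
        return False, "bad signature"
    if sig.signed_at < key.valid_from:
        return False, "signed before key was trusted"
    if key.revoked_at is not None and sig.signed_at >= key.revoked_at:
        return False, "signed after key revocation"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: a dev key trusted from 2010-01-01, revoked 2010-05-01."""
    utc = timezone.utc
    dev = KeyRecord("dev-key", b"constructed-secret", datetime(2010, 1, 1, tzinfo=utc),
                    datetime(2010, 5, 1, tzinfo=utc))
    keyring = {dev.key_id: dev}
    pkg = b"example-1.0-1-any.pkg.tar.gz"          # constructed package payload

    before = sign(dev, pkg, datetime(2010, 4, 28, tzinfo=utc))   # signed while trusted
    after = sign(dev, pkg, datetime(2010, 5, 2, tzinfo=utc))     # signed after revocation
    # Someone tries to reuse the post-revocation signature with an earlier date:
    relabelled = Signature("dev-key", datetime(2010, 4, 28, tzinfo=utc), after.mac)

    return {
        "before_revocation": verify(keyring, pkg, before),
        "after_revocation": verify(keyring, pkg, after),
        "tampered_payload": verify(keyring, pkg + b"x", before),
        "relabelled_date": verify(keyring, pkg, relabelled),
        "unknown_key": verify(keyring, pkg, Signature("nobody", before.signed_at, before.mac)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The revocation check is deliberately a half-open window (`signed_at >= revoked_at` is rejected), and the signing time is covered by the signature so that an old signature cannot be re-dated; what the policy cannot do is protect against a key holder who back-dates new signatures, which is why the cut-off date has to be chosen conservatively.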