Re: Pacman makepkg and signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 10/25/11, Denis A. Altoé Falqueto <denisfalqueto@xxxxxxxxx> wrote:
> The trust problem is complex, indeed, but we can at least mitigate it
> doing the following (it's what I do):
>
> 1. set TrustedOnly, instead of TrustAll
> 2. import the keys when pacman asks
> 3. # pacman-key --edit-key <email or id for key>. That will open a gpg
> session.
> 4. go to http://www.archlinux.org/developers/ and/or
> http://www.archlinux.org/trustedusers/ to check the new signatures
> 5. sign the key, checking if the fingerprint is correct, according to
> the websites from step 4
> 5. perform save to apply the changes
>
> That way, one can be a little more secure when trusting the keys. The
> point is always checking with different places. Today, there are the
> keyservers and the Arch developer info pages. Some day, there could be
> more options (read-only wiki page, fixed BBS posts), so if one is
> compromised, the others can serve as checkpoints for integrity.
>
> IMHO, I don't like TrustAll very much (and the equivalents concepts in
> other distributions). It takes the responsibility from the users, who
> are the ultimate decision makers of their systems. But that is just my
> opinion (not an invitation to a long pointless discussion). We have
> options enough to satisfy everyone.

Thanks for the suggested steps.  That tells me a bit more about the
process.  I may give that a try fairly soon.I've done very little with
pgp; just setup a personal pgp key pair several years ago and use it
with some of my e-mail but other than that, just pretty much left it
alone.  It seemed like any time I read much about this encryption
stuff, it seemed to rise right up way over my head.  I suppose I
should try and get my head more around this encryption stuff sooner
than later.


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux