On 20.02.2012 00:05, Gaetan Bisson wrote:
> I do not understand the purpose of this tree. Actual key verification
> happens when a user lsigns certain keys of their keyring, why do it
> here? Our public key infrastructure can cope perfectly well with a
> keyring package shipping corrupted keys, so long as users do some
> verification before lsigning the master keys.

Sure, the verification in the update script is technically not needed. This is more a QA check for the package maintainer. And I'd also think it'll be good practice to ensure the package only contains valid and fully trusted keys.

> If you feel our public key infrastructure needs more security, it should
> be added down in the infrastructure itself rather than convenience
> layers such as the keyring package.
>
> Since that tree duplicates information from archweb and data that I
> thought we agreed to let keyservers handle, I would consider it much
> simpler and convenient to generate the list of packagers from archweb
> and retrieve the corresponding keys from a keyserver as we go in the
> build() function of the package.

The keyids come from archweb (maybe we can have a simple export later). We also download missing keys from the keyservers. Imho it's nice to have a local copy independent from any third party services. But sure, some of these design decisions are a matter of taste and we could even change it as we go. Imho it's more important to concentrate on things that really matter here.

--
Pierre Schmitz, http://pierre-schmitz.com

