On 03.11.2013 11:03, Allan McRae wrote:
> If an attacker obtains any of our packagers' keys then they can sign a
> package. So by your logic we should not be signing packages.
>
> Also, this is the way every other distro signs their databases and
> packages. And they all use gpgv to verify packages which has no idea
> about a web of trust. This seems like something we should be able to
> achieve...
>
> Finally, I think signing databases is far more important than signing
> packages. The most practical attack on Arch is to become a mirror and
> hold back package updates with known vulnerabilities. Then you even
> know the IP addresses of people who have the vulnerable package. DB
> signing stops this as the entire database needs held back and people
> will notice the lack of updates.

I tend to fully agree with Allan here. We need to sign databases and the risk of having the signing key on nymeria is smaller than you make it look.
