On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general 
wrote:
> To perform the complete operation on soyuz, we need to forward the
> gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP
> / Web of Trust security model: for a person with root access to soyuz,
> the private key is only one passphrase away.
> 

Which is why I have been working on clave[1]. It helps in the cases where build
artefacts are large and sorta useless to download after building. But it doesn't
prevent the case where a malicious root user is capable of switching the files
right after build, unless you do some additional verification after generating
the signing request. 

Since it creates signatures with the new packet style, it won't be supported
before pacman 5.1, and I plan on improving it a bit before that time.


[1]: https://github.com/Foxboron/clave 

-- 
Morten Linderud

PGP: 9C02FF419FECBE16

Attachment: signature.asc
Description: PGP signature

Reply via email to