On Sun, Dec 03, 2017 at 12:05:51PM +0100, Bastian Blank wrote: > > in practice, this also has obvious flaws. > Please elaborate.
for a start: one only needs to compromise one machine instead of many...
> > what's the technical reason
> > the buildds are not checking the signatures?
> Unavailability of the keys. Key may have been expired between upload
> and build attempt.
I'm not sure this is an advantage then... or rather: I'd rather see a
requirement that keys used for signing are valid for at least another
year after the upload.
--
cheers,
Holger
signature.asc
Description: PGP signature
