> anyone stupid enough to abuse their position may only do so once, at which point their GPG key is revoked.
You are talking about a deterrent though. I think the question is, what if someone cares more about their political cause than retaining their uploader access? What if someone's keys are compromised and an attacker uploads a compromised package? Do we have ways of detecting these breaches or do we rely solely on user reports?

On Mon, May 23, 2022 at 11:22 AM lkcl <luke.leigh...@gmail.com> wrote:
> On Mon, May 23, 2022 at 6:28 PM Adam McKenna <a...@flounder.net> wrote:
> > > i believe the answer is in the question. debian is based on distributed trust. i did the analysis (took 3 weeks): it is literally the only distro in the world with an inviolate chain of trust from a large keyring dating back 20 years that is itself GPG-signed as a package, with a package distribution chain from source where all components within the chain up to release are unbroken and inviolate.
> >
> > This is not an answer to the question though, OP was asking how we prevent abuse of that trust.
>
> reputation, and potentially criminal and civil proceedings.
>
> all identities are known, and inviolate-known [through the above-described chain].
> anyone stupid enough to abuse their position may only do so once, at which point their GPG key is revoked.
>
> given that GPG key-signing parties require people's real-world identities to be known, it is easy to track down who signed whose key (it's right there in the keyring-archive), and request that the signer provide assistance to the relevant authorities in proving that real-world identity.
>
> this will sufficiently piss off those people that trusted them that they will be unlikely to work with them ever again [reputation]
>
> in addition there is the Debian Trademark which if brought into disrepute through abuse could be utilised to seek damages against the perpetrator.
>
> bottom line is that it would be a spectacularly stupid thing to do to violate the trust and responsibility of being a Debian Maintainer, and the really interesting bit to me is that this all works in an entirely distributed manner and can all entirely be done entirely without a single centralised authority, i.e. *not* having to trust f*****g google or f*****g github with anyone's real-world identity in any way shape or form.
>
> l.
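The "chain from source up to release" that lkcl describes and the detection question Adam raises meet at one concrete mechanism: below the GPG-signed Release file, every link is a SHA256 entry (Release lists the Packages indexes, each Packages stanza lists its .deb), so a modified index or package fails before apt would install it. The script below is an added example, not code from this thread, from Debian or from apt. It builds a constructed miniature archive in memory (the file layout mirrors a mirror only in shape; the .deb is a placeholder byte string), assumes that gpgv has already verified the Release signature against the archive keyring, and then walks the hash chain, reporting every broken link.

```python
"""Hash-chain check for a Debian-style archive: Release -> Packages -> .deb.

Added example with constructed data; this is not apt's code. The GPG step
(gpgv verifying InRelease/Release against the archive keyring) is assumed
to have already passed. Only the hash links below the signature are checked.
"""
import hashlib
from typing import Dict, List, Tuple

DEB_PATH = "pool/main/h/hello/hello_2.10-2_amd64.deb"   # constructed path
INDEX_PATH = "main/binary-amd64/Packages"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_archive() -> Dict[str, bytes]:
    """Constructed miniature mirror: {relative path: file bytes}."""
    deb = b"constructed placeholder, not a real .deb archive\n"
    packages = (
        "Package: hello\n"
        "Version: 2.10-2\n"
        "Architecture: amd64\n"
        f"Filename: {DEB_PATH}\n"
        f"Size: {len(deb)}\n"
        f"SHA256: {sha256_hex(deb)}\n"
        "\n"
    ).encode()
    release = (
        "Origin: Debian\n"
        "Suite: stable\n"
        "SHA256:\n"
        f" {sha256_hex(packages)} {len(packages)} {INDEX_PATH}\n"
    ).encode()
    return {"Release": release, INDEX_PATH: packages, DEB_PATH: deb}


def parse_release_sha256(release: bytes) -> Dict[str, Tuple[str, int]]:
    """Return {path: (sha256, size)} from the SHA256: section of a Release file."""
    entries: Dict[str, Tuple[str, int]] = {}
    in_sha256 = False
    for line in release.decode("utf-8").splitlines():
        if not line.startswith(" "):
            # Top-level field: only the SHA256 section carries the links we verify.
            in_sha256 = line.strip() == "SHA256:"
            continue
        if in_sha256:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries


def parse_packages(packages: bytes) -> List[Dict[str, str]]:
    """Parse the RFC822-style stanzas of a Packages index (continuation lines dropped)."""
    stanzas: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in packages.decode("utf-8").splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current = {}
        elif line.startswith((" ", "\t")):
            continue  # continuation of a multi-line field such as Description
        else:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def check_file(archive: Dict[str, bytes], path: str, digest: str,
               size: int, what: str) -> List[str]:
    """Compare one file against the size and SHA256 its parent claims for it."""
    data = archive.get(path)
    if data is None:
        return [f"{what} {path}: missing"]
    problems = []
    if len(data) != size:
        problems.append(f"{what} {path}: size {len(data)} != {size}")
    if sha256_hex(data) != digest:
        problems.append(f"{what} {path}: SHA256 mismatch")
    return problems


def verify_chain(archive: Dict[str, bytes]) -> List[str]:
    """Walk Release -> Packages -> .deb; an empty list means every link held."""
    release = archive.get("Release")
    if release is None:
        return ["Release: missing"]
    problems: List[str] = []
    for index_path, (digest, size) in parse_release_sha256(release).items():
        index_problems = check_file(archive, index_path, digest, size, "index")
        problems.extend(index_problems)
        if index_problems:
            continue  # never trust package entries from an index that failed
        for stanza in parse_packages(archive[index_path]):
            problems.extend(check_file(archive, stanza["Filename"],
                                       stanza["SHA256"], int(stanza["Size"]), "package"))
    return problems


if __name__ == "__main__":
    archive = build_sample_archive()
    print("clean archive:", verify_chain(archive) or "all links verified")
    flipped = bytearray(archive[DEB_PATH])
    flipped[0] ^= 0x01          # same size, different content
    archive[DEB_PATH] = bytes(flipped)
    print("tampered .deb:", verify_chain(archive))
```

The check is deliberately top-down: a Packages index that does not match Release is rejected before any of its entries are consulted, because its hashes are exactly what an attacker who replaced the index would have rewritten. Note what it does not cover, which is the case Adam asks about: a package built, signed and uploaded with a valid but misused or stolen key passes every link here, since the chain is anchored in the key itself. Catching that relies on the keyring side of lkcl's description (who signed whose key, and revocation once misuse is known), not on the hash chain.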