On Mon, Aug 10, 2009 at 9:48 AM, Julian Edwards <[email protected]> wrote:

> On Monday 10 August 2009 13:35:37 Martin Pool wrote:
>> 2009/8/10 Julian Edwards <[email protected]>:
>> > The original intention was to have the PPA owner sign the key. Signing with one master key doesn't really achieve anything other than redirecting the issue of trust to another machine-owned key (as opposed to human-owned) that you don't necessarily know about.
>> >
>> > Do you think we need better instructions for PPA owners telling them to sign the PPA key? Could we show keys that signed it on the PPA page itself?
>>
>> I've never seen such an instruction, so maybe you do need better instructions - perhaps when setting up the archive you could send mail to the team owners and/or show a message on the archive page.
>>
>> The keyserver does actually have a page that shows signers so you could just link to that. There is some weakness that the keyserver links are not over https.
>
> I think what we could do is put a nag message shown only to a PPA owner to encourage them to sign the key, if it's not already been done.
>
> Then, we can put a general message on the index confirming the trust, and link to the keyserver page.
>
> Michael, can you factor this into your PPA page redesign please!
>
> Martin, thanks for raising this issue, it's a good time to get these changes in. :)
Do we really want to include an implicit keyserver hit on every PPA:+index page load for listing signing-key signatures? Despite the performance and availability issues, I don't see why we are making the signing-key acceptance a manual procedure. Note that karmic software-properties automatically adds the signing key, trusting LP via HTTPS, without even asking for the user's attention.

I personally think that signing the PPA signing-key is wasteful and misleading: signers do not have any control over them, and by signing a PPA signing-key we are merely confirming that you trust https, because that's the way you confirmed that the key you signed was the one LP generated.

A user decides to trust bzr-uploaders the moment he accesses the bzr PPA page and adds it to his system, not because he is satisfied with the signatures the bzr PPA signing-key has, IMO. That's way different from Martin signing John's key because they've met during All Hands and IDs were checked.

For all practical purposes LP is the central, and only, point of trust. If it gets compromised all signing keys will be revoked and new ones will be generated, and users will be warned to drop & reload their PPA keys.

--
Celso Providelo <[email protected]>
IRC: cprov, Jabber: [email protected], Skype: cprovidelo
1024D/681B6469 C858 2652 1A6E F6A6 037B B3F7 9FF2 583E 681B 6469
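Celso's argument is that a third party's signature on a PPA signing key only adds assurance if you already trust the signer, and that what actually anchors trust is the fingerprint you compared against the PPA page over HTTPS. The following is an added example, not code from this thread or from Launchpad: it parses the machine-readable output of `gpg --with-colons --with-fingerprint --list-sigs <keyid>` (a format gpg does emit), checks the imported key's fingerprint against the one published on the PPA page, and lists only those signers whose keys you already trust. The sample gpg output, key IDs, fingerprints, names and addresses below are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `gpg --with-colons --with-fingerprint --list-sigs` output
# for a hypothetical PPA signing key. Every identifier here is made up.
# Record layout (colon-separated, 0-based): pub[4]=key id, fpr[9]=fingerprint,
# sig[4]=signer key id, sig[9]=signer user id, sig[10]=signature class.
SAMPLE_GPG_OUTPUT = """\
tru::1:1249900000:0:3:1:5
pub:-:1024:17:ABCDEF0123456789:2009-08-01:::-:::scESC:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::2009-08-01::DEADBEEF::Launchpad PPA for example-team <ppa-placeholder@example.invalid>:
sig:::17:ABCDEF0123456789:2009-08-01::::Launchpad PPA for example-team <ppa-placeholder@example.invalid>:13x:
sig:::17:1111222233334444:2009-08-05::::Example Maintainer <maintainer@example.invalid>:10x:
sig:::1:5555666677778888:2009-08-09::::Another Uploader <uploader@example.invalid>:10x:
"""


@dataclass
class KeySigReport:
    key_id: str
    fingerprint: str
    self_signed: bool
    # (signer key id, signer user id, signature class) for every non-self signature
    third_party_signers: list = field(default_factory=list)


def parse_list_sigs(output: str) -> KeySigReport:
    """Extract the primary key id, its fingerprint and the certifications on it.

    Only the first pub/fpr pair is considered; gpg escapes ':' inside user ids
    as '\\x3a', so splitting on ':' is safe for real output as well.
    """
    key_id = fingerprint = ""
    self_signed = False
    signers = []
    for line in output.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub" and not key_id:
            key_id = fields[4]
        elif rtype == "fpr" and not fingerprint:
            fingerprint = fields[9]
        elif rtype == "sig":
            signer_id, uid, sig_class = fields[4], fields[9], fields[10]
            if signer_id == key_id:
                self_signed = True          # the key certifying its own user id
            else:
                signers.append((signer_id, uid, sig_class))
    return KeySigReport(key_id, fingerprint, self_signed, signers)


def _normalise_fpr(fpr: str) -> str:
    # The PPA page shows the fingerprint in groups of four; gpg prints it raw.
    return re.sub(r"\s+", "", fpr).upper()


def fingerprint_matches(report: KeySigReport, published_fingerprint: str) -> bool:
    """The check that actually matters: does the key you imported carry the full
    fingerprint shown on the PPA page you fetched over HTTPS?"""
    return _normalise_fpr(report.fingerprint) == _normalise_fpr(published_fingerprint)


def useful_signers(report: KeySigReport, trusted_key_ids) -> list:
    """Keep only certifications made by keys you already trust.

    A signature from a key you know nothing about tells you nothing about the
    PPA key; it just moves the question of trust to the signer.
    """
    trusted = {k.upper() for k in trusted_key_ids}
    return [s for s in report.third_party_signers if s[0].upper() in trusted]


if __name__ == "__main__":
    report = parse_list_sigs(SAMPLE_GPG_OUTPUT)
    # Fingerprint as it would appear on the (constructed) PPA page.
    page_fpr = "0000 1111 2222 3333 4444  5555 6666 7777 8888 9999"
    print("fingerprint matches PPA page:", fingerprint_matches(report, page_fpr))
    print("self-signed:", report.self_signed)
    print("third-party signatures:", len(report.third_party_signers))
    print("signatures from keys I trust:", useful_signers(report, ["1111222233334444"]))
```

Run against real output by piping `gpg --with-colons --with-fingerprint --list-sigs <keyid>` into `parse_list_sigs`; the fingerprint comparison is the step that confirms you imported the key Launchpad generated, while the signer list only becomes meaningful once `trusted_key_ids` holds keys you have verified yourself.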

