On Wed, Oct 07, 2009 at 11:11:14AM +0100, James Westby wrote:
> > This is problematic in quite a few regards and we planned to switch over
> > to an authenticated (ssh based?) upload mechanism since July of last
> > year.
>
> That's interesting, because...
>
> > This would make it possible to upload unsigned packages
>
> That changes the security assurances that we have for packages, you
> are now relying on SSH keys rather than GPG keys. Are they believed
> to give us the same assurances?
I don't know the answer to that, but I want to underline that changing the GPG requirement is a /possibility/ of allowing SSH uploads. We could also allow people to use SSH but still require GPG-signed packages and rock the boat slightly less during that change. Doing that may require comparing SSH and GPG keys to verify the owners match, but it's an easy step forward.

> Is this change driven by concerns over the current process for binary uploads
> from the buildds?

Well, one driver of it is being able to provide synchronous authentication feedback to the uploader; today anonymous FTP means fire and forget, and if we can't validate the GPG key, we can't send email back to the uploader (we don't know who he is!), and that leads to support issues of the sort "where's my upload". Other sorts of more synchronous feedback would be possible in this model.

--
Christian Robottom Reis | [+55 16] 3376 0125 | http://launchpad.net/~kiko
                        | [+55 16] 9112 6430 | http://async.com.br/~kiko
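The owner-matching step described above (keep requiring a GPG-signed .changes file, but carry the upload over an authenticated SSH session and check that the SSH key and the GPG signing key belong to the same uploader, answering the uploader synchronously) as an added Python example. This is not code from the thread or from Launchpad. It assumes the upload receiver is handed the public key that authenticated the SSH session (for example by a forced command or a similar server-side hook) and the fingerprint of the key that produced a valid signature on the .changes file, as reported by whatever signature check the receiver runs; the uploader registry and all keys are constructed for the example.

```python
import base64
import hashlib
import struct
from dataclasses import dataclass


def ssh_fingerprint(authorized_keys_line: str) -> str:
    """Return the OpenSSH-style "SHA256:<base64>" fingerprint of a public key
    given in authorized_keys format ("<type> <base64 blob> [comment]")."""
    parts = authorized_keys_line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    blob = base64.b64decode(parts[1])
    # The blob begins with a length-prefixed key type string; require it to
    # agree with the declared type so a mislabelled key is rejected early.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode() != parts[0]:
        raise ValueError("key type mismatch")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def make_ed25519_line(seed: int, comment: str) -> str:
    """Construct a syntactically valid ssh-ed25519 authorized_keys line.
    The 32 'key' bytes are derived from a seed purely for the example; they
    are not a real key pair and cannot authenticate anywhere."""
    key_bytes = hashlib.sha256(b"example-%d" % seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


@dataclass(frozen=True)
class Uploader:
    name: str
    ssh_fingerprint: str   # fingerprint of the key allowed to open upload sessions
    gpg_fingerprint: str   # 40-hex fingerprint of the key allowed to sign .changes


# Constructed accounts (hypothetical names and fingerprints).
ALICE_SSH = make_ed25519_line(1, "alice@example")
BOB_SSH = make_ed25519_line(2, "bob@example")
REGISTRY = [
    Uploader("alice", ssh_fingerprint(ALICE_SSH), "A" * 40),
    Uploader("bob", ssh_fingerprint(BOB_SSH), "B" * 40),
]


def check_upload(session_key_line: str, changes_signer_fpr: str) -> tuple[bool, str]:
    """Decide whether an upload is accepted.

    session_key_line   -- public key that authenticated the SSH session
    changes_signer_fpr -- fingerprint of the key whose signature on the
                          .changes file already verified

    Returns (accepted, message). Because the session is authenticated, the
    message can be shown to the uploader immediately instead of being
    mailed after the fact (or not at all, as with anonymous FTP)."""
    try:
        fpr = ssh_fingerprint(session_key_line)
    except ValueError as exc:
        return False, f"rejected: unusable SSH key ({exc})"
    by_ssh = next((u for u in REGISTRY if u.ssh_fingerprint == fpr), None)
    if by_ssh is None:
        return False, f"rejected: SSH key {fpr} is not registered to any uploader"
    wanted = changes_signer_fpr.upper()
    by_gpg = next((u for u in REGISTRY if u.gpg_fingerprint == wanted), None)
    if by_gpg is None:
        return False, f"rejected: .changes signed by unknown GPG key {wanted}"
    if by_ssh != by_gpg:
        return False, (f"rejected: SSH session belongs to {by_ssh.name} "
                       f"but .changes was signed by {by_gpg.name}")
    return True, f"accepted: upload by {by_ssh.name}"


if __name__ == "__main__":
    print(check_upload(ALICE_SSH, "A" * 40))   # matching owner: accepted
    print(check_upload(ALICE_SSH, "B" * 40))   # SSH key and GPG key differ in owner
    print(check_upload(make_ed25519_line(3, "stranger"), "A" * 40))  # unknown SSH key
```

The four outcomes (accepted, unknown SSH key, unknown GPG key, owner mismatch) are the cases a receiver has to distinguish; the mismatch case is the one that makes the SSH-plus-GPG model stricter than either transport-only or signature-only checking, since a valid signature from a registered key is still refused when the session was opened with someone else's SSH key.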

