On Tue, Mar 1, 2011 at 1:25 AM, Allan McRae <[email protected]> wrote:
> On 19/02/11 12:02, Denis A. Altoé Falqueto wrote:
>>
>> Hi,
>>
>> Well, it seems I'm busy lately, doesn't it? :)
>>
>> I was implementing the first TODO list for repo-add in (see
>> https://wiki.archlinux.org/index.php/User:Allan/Package_Signing) and
>> stuck in a point where I need some opinions on what to do.
>>
>> repo-add should verify if the signature is valid and if it is from
>> someone from a list of valid keys. I think that list should be
>> pacman's keyring, because it is the keyring the final user will use to
>> verify the signatures, right?
>>
>> So, repo-add needs read access to pacman's keyring, so the keyring
>> would need to be readable for anyone. gpg emits a warning when the
>> keyring dir and files have insecure permissions (any permissions for
>> group owner and other users). In my opinion, this could be ignored,
>> because pacman's keyring doesn't have any private information. Of
>> course, writing permissions should be granted only to root, the owner
>> of the keyring.
>>
>> After all, do you agree with my reasoning? Can we make pacman's
>> keyring readable for anyone?
>>
>
> The more I think about this, I am beginning to lean towards just leaving
> this at the moment. I think we should wait for some actual usage of the
> signing system before we can decide exactly what to do here. Once a
> workflow is figured out for when a distribution starts using this signing
> system, we will know when the repo db is being signed (in a central
> location, on the developer's computer and then uploaded, etc) and by what key
> (repo master key, developer's key) and then we can see where improvements can
> be made.
>
> So let's just skip that TODO item for now.
>
> Allan
>
>
I came to the same conclusion yesterday. Thanks for the reply :)

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------
