launchpad-dev team mailing list archive

[Martin Pool <mbp@xxxxxxxxxxxxx>]

2009/8/10 Celso Providelo <celso.providelo@xxxxxxxxxxxxx>:
> I personally think that signing the PPA signing-key is wasteful and
> misleading, signers do not have any control on them, by signing a PPA
> signing-key we are merely confirming that you trust https, because
> that's the way you used to confirm that the key you signed was the one
> LP generated.
>
> An user decides to trust bzr-uploaders the moment he accesse the bzr
> PPA page and add it to his system, not because he is satisfied with
> the signatures the bzr PPA signing-key has, IMO. That's way different
> than Martin signing John's key because they've met during All Hands
> and IDs were checked.
>
> For all the effects LP is the central, and only, point of trust. If it
> gets compromised all signing keys will be revoked and new ones will be
> generated, users will be warned to drop & reload their PPA keys.

Well, that's basically the point I tried to make in
<https://bugs.edge.launchpad.net/soyuz/+bug/410745> - but it's not the
first time it came up, and apparently it does worry people.  If this
is how you're going to do it then maybe having a FAQ or Help page
explaining it would be good.


-- 
Martin <http://launchpad.net/~mbp/>