launchpad-dev team mailing list archive

[Celso Providelo <celso.providelo@xxxxxxxxxxxxx>]

On Mon, Aug 10, 2009 at 10:25 AM, Martin Pool<mbp@xxxxxxxxxxxxx> wrote:
> 2009/8/10 Celso Providelo <celso.providelo@xxxxxxxxxxxxx>:
>> I personally think that signing the PPA signing-key is wasteful and
>> misleading, signers do not have any control on them, by signing a PPA
>> signing-key we are merely confirming that you trust https, because
>> that's the way you used to confirm that the key you signed was the one
>> LP generated.
>>
>> An user decides to trust bzr-uploaders the moment he accesse the bzr
>> PPA page and add it to his system, not because he is satisfied with
>> the signatures the bzr PPA signing-key has, IMO. That's way different
>> than Martin signing John's key because they've met during All Hands
>> and IDs were checked.
>>
>> For all the effects LP is the central, and only, point of trust. If it
>> gets compromised all signing keys will be revoked and new ones will be
>> generated, users will be warned to drop & reload their PPA keys.
>
> Well, that's basically the point I tried to make in
> <https://bugs.edge.launchpad.net/soyuz/+bug/410745> - but it's not the
> first time it came up, and apparently it does worry people.  If this
> is how you're going to do it then maybe having a FAQ or Help page
> explaining it would be good.

Martin,

Right, I forgot to mention that I was *agreeing* with your original point :)

I believe that improving the PPA Help section that explains how to get
the signing-keys will suffice. I hope Matt Revell can help me to find
the appropriate words for this.

[]
-- 
Celso Providelo <celso.providelo@xxxxxxxxxxxxx>
IRC: cprov,  Jabber: cprov@xxxxxxxxxx, Skype: cprovidelo
1024D/681B6469 C858 2652 1A6E F6A6 037B  B3F7 9FF2 583E 681B 6469