launchpad-users team mailing list archive

Re: Why are there multiple keys for different PPAs from the same user/team?


On Tue, Apr 7, 2009 at 4:13 PM, Christian Robottom Reis
<kiko@xxxxxxxxxxxxx> wrote:
> Just to clear some potential confusion:
> On Tue, Apr 07, 2009 at 03:00:39PM -0300, Celso Providelo wrote:
>> > In my eyes this is weird behaviour. If I'm correct, signing packages
>> > has the purpose of making sure the package was really added by the
>> > maintainer of the repository and allowing you to track down the
>> > credibility of that person or team via his/her/their key.
>> > We don't use keys to prove that package X from repository Y comes from
>> > repository Y. This, however, is what Launchpad is doing at the moment.
> I'm not sure why you say you don't use keys to prove that package X
> comes from repository Y -- that is exactly what we use signed archives
> for: to avoid the risk of a MITM impersonation of an archive.

Sense's point is that if you trust person A's publication of package X
in repository Y, why wouldn't you trust A publishing package W in
repository Z? You trust A, no matter 'what' and 'where'.

The MITM protection is indirect, since what is being authenticated
with signing-keys is the content being published, not necessarily the
location where they are published.

If a pristine copy of the repository is published on a DNS-poisoned
location it should be fine from apt's PoV, even if it's considered a
MITM. Apt would only complain if the repository contents change, for
instance, if a deb gets replaced by a compromised version.

This is the aspect that allows mirroring repositories without getting
into the complexity of re-authenticating their contents.

Celso Providelo <celso.providelo@xxxxxxxxxxxxx>
IRC: cprov,  Jabber: cprov@xxxxxxxxxx, Skype: cprovidelo
1024D/681B6469 C858 2652 1A6E F6A6 037B  B3F7 9FF2 583E 681B 6469
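
The content-versus-location point made in the message above, as an added example that is not part of the original thread and is not apt or Launchpad code. The key, file name and URLs are constructed, and HMAC stands in for the archive's OpenPGP signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac

# Constructed demo key. apt checks an OpenPGP signature against the archive's
# public key; HMAC stands in here so the example needs only the stdlib.
ARCHIVE_KEY = b"constructed-demo-key"

def make_index(files):
    """Release-style index: one 'sha256 size name' line per published file."""
    return "".join(
        f"{hashlib.sha256(data).hexdigest()} {len(data)} {name}\n"
        for name, data in sorted(files.items())
    )

def sign_index(index):
    """Publisher side: sign the index, and through it every listed file."""
    return hmac.new(ARCHIVE_KEY, index.encode(), hashlib.sha256).hexdigest()

def verify_fetch(url, index, sig, name, data):
    """Client side. `url` is accepted but deliberately never checked:
    only the signed index and the file bytes decide the outcome."""
    if not hmac.compare_digest(sign_index(index), sig):
        return "reject: index signature invalid"
    listed = {}
    for line in index.splitlines():
        digest, size, fname = line.split(" ", 2)
        listed[fname] = (digest, int(size))
    if name not in listed:
        return "reject: file not in signed index"
    digest, size = listed[name]
    if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
        return "reject: hash mismatch"
    return "accept"

# Constructed sample data.
NAME = "pool/hello_1.0_all.deb"
DEB = b"constructed package bytes"
INDEX = make_index({NAME: DEB})
SIG = sign_index(INDEX)
ORIGIN = "http://archive.example/ppa"
OTHER = "http://mirror.example/ppa"  # a mirror, or a redirected location

if __name__ == "__main__":
    print(verify_fetch(ORIGIN, INDEX, SIG, NAME, DEB))
    print(verify_fetch(OTHER, INDEX, SIG, NAME, DEB))
    print(verify_fetch(OTHER, INDEX, SIG, NAME, DEB + b"!"))
    forged = make_index({NAME: b"replaced"})
    print(verify_fetch(OTHER, forged, SIG, NAME, b"replaced"))
```

A byte-identical copy verifies from either location, while a changed package or a rewritten index is rejected wherever it is served from.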