[Date Prev][Date Next][Thread Prev][Thread Next][Date Index ][Thread Index ]

[Launchpad-users] Why are there multiple keys for different PPAs from the same user/team?

To: Launchpad Users <launchpad-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Launchpad-users] Why are there multiple keys for different PPAs from the same user/team?
From: Sense Hofstede <sense@xxxxxxxx>
Date: Tue, 7 Apr 2009 18:18:49 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=eQOycfAERDXOsvrV33n/k2DBHg5DtTKuY0w60QG6MIo=; b=t6wA9Hgmd1AX9728Om2aEwViNacpiJBUmbx7xnv5AwyOob380sA8KR3/1FyA0H83v6 VQHcugzXN9eYVRRvf+BRk8UouetHMUMMpGK03B6EmpD8tE66sitki8ddkQs0xyXwZ5o9 j67mmFDtJybhYfakCER30w3gK5FZUtzkn1DpU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; b=sVbzeg+k8EqgkcwdhGfkGeV8vDev2bNHWlDvXSWXJLfrvsKov13ADeUnG+LQjxwLLA uVRGZX3/Z+pNPJVScwX69iMG+aTZYybZ/5axUrP8A+E43eu2kxsgDYf/69z8xKTP7rVY Q2J6y+mNPN5u2Gm6vJI/wEWaD9HkPAeWCFtIg=
List-archive: <http://lists.launchpad.net/launchpad-users>
List-help: <https://help.launchpad.net/ListHelp>
List-id: <launchpad-users.lists.launchpad.net>
List-owner: <https://launchpad.net/~launchpad-users>
List-post: <mailto:launchpad-users@lists.launchpad.net>
List-subscribe: <https://launchpad.net/~launchpad-users>
List-unsubscribe: <https://launchpad.net/~launchpad-users>
Sender: sense.pc@xxxxxxxxx

Hello,

As you can see at the PPAs that made me think of this issue [1][2],
all PPAs have a key of their own. Why?

In my eyes this is weird behaviour. If I'm correctly signing packages
has the purpose of making sure the package was really added by the
maintainer of the repository and allowing you to track down the
credibility of that person or team via his/her/their key.
We don't use keys to prove that package X from repository Y comes from
repository Y. This, however, is what Launchpad is doing at the moment.
This problem has worsened since multiple PPAs per user/team were
introduced. Now you have one key for every PPA.

I think it would be much more logical to use, in case of humans, the
main key (or let the user specify the preferred, in Launchpad imported
key) be the PPA's key.
I do understand that you have to generate a new one for a team.
However, I think it would make sense to generate a key just once and
use it for all other repositories.

In one sentence: couple PPA keys to the maintainers, not to the PPAs.

King regards,
-- 
Sense Hofstede
<http://www.qense.nl/>

[1] https://launchpad.net/~vperetokin/+archive/ppa
[2] https://launchpad.net/~vperetokin/+archive/gnote

Follow-Ups:
- Re: [Launchpad-users] Why are there multiple keys for different PPAs from the same user/team?
  - From: Celso Providelo

Prev by Date: Re: [Launchpad-users] bzr checkout lp?
Next by Date: Re: [Launchpad-users] Why are there multiple keys for different PPAs from the same user/team?
Previous by thread: [Launchpad-users] bug atom feeds not updating
Next by thread: Re: [Launchpad-users] Why are there multiple keys for different PPAs from the same user/team?
Index(es):
- Date
- Thread

This is the launchpad-users mailing list archive — see also the general help for Launchpad.net mailing lists.

(Formatted by MHonArc.)