On Tue, Apr 7, 2009 at 4:13 PM, Christian Robottom Reis <kiko@xxxxxxxxxxxxx> wrote:
> Just to clear some potential confusion:
>
> On Tue, Apr 07, 2009 at 03:00:39PM -0300, Celso Providelo wrote:
>> > In my eyes this is weird behaviour. If I'm correct, signing packages
>> > has the purpose of making sure the package was really added by the
>> > maintainer of the repository and allowing you to track down the
>> > credibility of that person or team via his/her/their key.
>> > We don't use keys to prove that package X from repository Y comes from
>> > repository Y. This, however, is what Launchpad is doing at the moment.
>
> I'm not sure why you say you don't use keys to prove that package X
> comes from repository Y -- that is exactly what we use signed archives
> for: to avoid the risk of a MITM impersonation of an archive.

Sense's point is that if you trust person A's publication of package X in repository Y, why wouldn't you trust A publishing package W in repository Z? You trust A, no matter 'what' and 'where'.

The MITM protection is indirect, since what is being authenticated with signing keys is the content being published, not necessarily the location where it is published. If a pristine copy of the repository is published at a DNS-poisoned location it should be fine from apt's PoV, even if it's considered a MITM. Apt would only complain if the repository contents change, for instance if a deb gets replaced by a compromised version.

This is the aspect that allows mirroring repositories without getting into the complexity of re-authenticating their contents.

--
Celso Providelo <celso.providelo@xxxxxxxxxxxxx>
IRC: cprov, Jabber: cprov@xxxxxxxxxx, Skype: cprovidelo
1024D/681B6469 C858 2652 1A6E F6A6 037B B3F7 9FF2 583E 681B 6469
This is the launchpad-users mailing list archive.