On Fri, 2009-08-07 at 15:43 -0400, Karl Fogel wrote:
>
> But being able to at least transfer trust from a source signer to the
> resultant binary would still help.

It does leave a rather large hole that $arbitrary-attacker can use:

  create a PPA
  upload someone else's valid bugfix
  upload a malicious binary build

You mention transferring trust; I don't think that that really applies here - what is needed is _trust in the individual_ - to the same degree of trust that Debian currently places in people able to upload (as DMs and DDs can do) binaries to the Debian archive. (And note, Debian is now hoping to start discarding those very same binaries).

On the other hand, folk that can't upload (say) PPC binaries today are uploading them to project files, and users are still using them. So it's not really more secure for users; just more awkward.

Unfortunately I don't have any good suggestions beyond 'find some way to decide if X is trustworthy', and if they are let them do what they like :).

-Rob
This is the launchpad-users mailing list archive — see also the general help for Launchpad.net mailing lists.