On 28.04.2010 19:18, Denis A. Altoé Falqueto wrote:
> I was thinking about this problem for some time and the more complex part is the key distribution and trusting. Now I may have come to something useful.
Finally, someone realizes that. The distribution and trusting of keys is in fact the most difficult problem we are faced with.
> I'm thinking about a two-way signing process. The dev signs the package and sends it to the server. The server would have a script or a cron job to verify if the signature is valid and is from someone trusted [1]. If so, the original signature is discarded and a new one is made, with an official Arch key.
Unacceptable. Servers get compromised way too easily (it happened in the past, and it may happen again). We'd have to store the key without a passphrase on that server for this to work. I'll never support such an approach. We must have a system that allows pacman to automatically verify new developer keys and revoke old ones ... even more important, revoke them in a way that signatures made before a certain date are still accepted, but newer ones aren't. I don't see this easily being implemented with PGP keys, but maybe someone else knows more.
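The revocation policy the reply asks for, as an added example written for this page and not code from the thread or from pacman: a small keyring model in which a retired key's earlier signatures remain acceptable while a compromised key is rejected for everything it ever signed. The key ids, dates and the `received_at` field are constructed assumptions. The check worth noticing is that a signature's own timestamp is chosen by the signer, so the decision also uses the time the repository received the package rather than trusting the claimed signing date alone.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class DeveloperKey:
    """Metadata a client would need about one trusted developer key (assumed model)."""
    key_id: str
    created: datetime
    revoked_at: Optional[datetime] = None   # "soft" revocation: key retired or superseded
    compromised: bool = False               # "hard" revocation: nothing it signed is trusted


@dataclass(frozen=True)
class PackageSignature:
    key_id: str
    signed_at: datetime    # claimed by the signer, so not trustworthy on its own
    received_at: datetime  # recorded by the repository when the package was uploaded


def ts(year: int, month: int, day: int) -> datetime:
    """UTC timestamp helper for the constructed sample data below."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def signature_accepted(sig: PackageSignature,
                       keyring: Dict[str, DeveloperKey],
                       now: datetime) -> Tuple[bool, str]:
    """Decide whether a package signature is acceptable under the policy.

    Returns (accepted, reason). Signatures made before a soft revocation stay
    valid; a compromised key is rejected for every signature regardless of date.
    """
    key = keyring.get(sig.key_id)
    if key is None:
        return False, "unknown key"
    # The signer controls signed_at, so the holder of a revoked key could
    # backdate a signature to slip under the revocation date. Taking the later
    # of the two timestamps means the decision never rests on that claim alone.
    effective = max(sig.signed_at, sig.received_at)
    if effective < key.created:
        return False, "signature predates key creation"
    if effective > now:
        return False, "signature dated in the future"
    if key.compromised:
        return False, "key revoked as compromised"
    if key.revoked_at is not None and effective >= key.revoked_at:
        return False, "signature made after revocation"
    return True, "ok"


def build_keyring() -> Dict[str, DeveloperKey]:
    """Constructed sample keyring; these are not real Arch developer keys."""
    keys = [
        DeveloperKey("dev-a", created=ts(2009, 1, 1), revoked_at=ts(2010, 3, 1)),
        DeveloperKey("dev-b", created=ts(2009, 6, 1), revoked_at=ts(2010, 2, 1),
                     compromised=True),
        DeveloperKey("dev-c", created=ts(2010, 1, 1)),
    ]
    return {k.key_id: k for k in keys}


SAMPLE_NOW = ts(2010, 4, 28)  # constructed "current time" for the demo


if __name__ == "__main__":
    keyring = build_keyring()
    samples = [
        PackageSignature("dev-a", ts(2010, 1, 15), ts(2010, 1, 15)),  # signed before retirement
        PackageSignature("dev-a", ts(2010, 1, 15), ts(2010, 3, 15)),  # backdated, uploaded late
        PackageSignature("dev-b", ts(2009, 12, 1), ts(2009, 12, 1)),  # compromised key
        PackageSignature("dev-c", ts(2009, 12, 1), ts(2009, 12, 1)),  # predates key creation
        PackageSignature("dev-x", ts(2010, 4, 1), ts(2010, 4, 1)),    # unknown key
    ]
    for s in samples:
        ok, why = signature_accepted(s, keyring, SAMPLE_NOW)
        print(f"{s.key_id}: {'ACCEPT' if ok else 'REJECT'} ({why})")
```

The trade-off in the `max(...)` line is deliberate: a package legitimately signed before a retirement but uploaded after it is refused, because from the repository's side that case is indistinguishable from a backdated signature. The alternative, a trusted timestamp attached at signing time, needs a separate authority that the thread does not assume exists.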