[arch-dev-public] [RFC] Moving repos to nymeria
bisson at archlinux.org
Sun Sep 16 01:59:29 EDT 2012
[2012-09-15 23:24:57 +0200] Florian Pritz:
> >> Did we abandon the idea of having packagers download the old DB, check
> >> its signature, do changes to it, sign the new DB, and upload it back?
> >> Because I would certainly find this much safer and trustworthy than
> >> having a black-box server blindly sign anything it is given.
> Limiting the shell creates a trusted server which makes signing the
> databases way more secure because even if we use remote signing the hash
> is calculated on the server.
Do we really need remote signing for the DB, given that each of us
already downloads the DB when upgrading, most likely several times a
day? I do not think downloading it a couple more times when pushing
packages will change much. Then I see no need to trust the server: I
download the current DB and its signature, check it (it's by Florian P,
and of course I trust him), apply my changes, sign and upload back.
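
The verify, modify, sign cycle described in this message, as an added shell example that is not part of the thread or of Arch's own tooling. `resign_db`, the pinned keyring file of packager keys and the modify command are assumed names; the download and upload steps are left to the caller.

```shell
#!/bin/sh
# Added example: verify, modify and re-sign a repo database on the packager's
# machine, so the server never holds a signing key.
# resign_db, the keyring file and MODIFY_CMD are hypothetical names.

# usage: resign_db DB TRUSTED_KEYRING SIGNER_KEY MODIFY_CMD [ARGS...]
# MODIFY_CMD is called with the path of a working copy as its last argument.
resign_db() {
    db=$1 keyring=$2 signer=$3
    shift 3

    # Refuse to work on a database that has no signature next to it.
    if [ ! -f "$db" ] || [ ! -f "$db.sig" ]; then
        echo "resign_db: $db or $db.sig is missing" >&2
        return 2
    fi

    # 1. Check the downloaded DB against a pinned keyring file. gpgv does not
    #    consult the user's normal keyring or trust database, so a signature
    #    from a key that is not in that file is rejected.
    if ! gpgv --keyring "$keyring" "$db.sig" "$db"; then
        echo "resign_db: signature check failed, not touching $db" >&2
        return 3
    fi

    # 2. Apply the change to a copy, so a failed edit leaves the verified
    #    DB and signature pair intact.
    work=$(mktemp "$db.XXXXXX") || return 1
    cp "$db" "$work" && "$@" "$work" || { rm -f "$work"; return 4; }

    # 3. Sign the modified copy with the packager's own key.
    if ! gpg --batch --yes --local-user "$signer" \
             --output "$work.sig" --detach-sign "$work"; then
        rm -f "$work" "$work.sig"
        return 5
    fi

    # 4. Replace the old pair; the caller uploads both files afterwards.
    mv "$work.sig" "$db.sig" && mv "$work" "$db"
}
```
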