[arch-projects] [dbscripts][PATCH] Prepare to sign repo databases

Thomas Bächler thomas at archlinux.org
Sun Nov 3 04:16:27 EST 2013

Am 03.11.2013 09:50, schrieb Pierre Schmitz:
> I don't see how this could work. If you sign a package using that key
> pacman will happily accept it as valid. So if nymeria gets compromised
> the attacker obtains a valid packager key. Imho implementing db sigs
> this way is less secure than not implementing it at all.

We can use a subkey of a valid packager key. That way, revoking the
subkey is very easy and doesn't need 5 people, but just one.

If we secure the private key properly on nymeria (see my first mail),
then compromising nymeria is not sufficient, you actually need to become
root there (which hopefully shouldn't be too easy).

Actually, other distributions have keys on their servers for signatures,
too, even to sign packages (I remember seeing very unpersonal,
repository-based PGP key on openSuSE).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20131103/0e6fec68/attachment.asc>

More information about the arch-projects mailing list