[pacman-dev] [PATCH 1/5] pacman-key: keyring management tool

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Wed Sep 22 21:38:39 EDT 2010


On Wed, Sep 22, 2010 at 6:20 PM, Allan McRae <allan at archlinux.org> wrote:
>> We could have an option in pacman.conf that indicates which keys must
>> be kept, even if in the list of removed keys. For example, an option
>> called HoldKeys, in the same spirit of HoldPkg.
>>
>> Do you agree with the need and solution?
>
> Just because a developer leaves, does not make his old packages unsafe.  So
> we really do not want to be rebuilding everything just to re-sign them.  I
> think that removing of a key needs to be handled more gracefully at a
> distribution level rather than immediately removing the key.
>
> Saying that, the case of a developer leaving but still hosting a third party
> repo is interesting and probably needs some work around such as you have
> pointed out.  The pacman.conf option seems reasonable.  But how about
> having a system like:
>
> addedkeys - key currently being used to sign packages
> depricatedkeys - keys previously used to sign packages but still safe
> removedkeys - keys that have been revoked.
>
> I guess these are the sort of things that we will discover with some real
> world usage.

Yes, I agree. I'll try to implement the option and what you propose,
because it will give a better organization. So, the operation of
reloading could be summarized as:

keyring = (added keys + deprecated keys) - (removed keys - kept keys)

> Also, I just noticed:
>        local ADDED_KEYS="${PACMAN_SHARE_DIR}/addedkeys.gpg"
>        local REMOVED_KEYS="${PACMAN_SHARE_DIR}/removedkeys"
>
> The file extension is not consistent.

Yes, it is kind of intentional :) it needs some explanation.

The added keys must be a file with the complete public key that is
being imported, of course. But the removed keys don't need to be. In the
current implementation, it is only a list of key identifiers and the
added keys are a real keyring, not just an export of a set of keys.

This seems contrived at first, as I thought when I saw it in apt-get,
but later I saw the purpose of it. We can manipulate the added keys
and select which ones will be imported. The above "equation" is an
example of such manipulation.

We can also change the extensions. I don't have a problem with that.
But this explanation may help the decision.

-- 
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------
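
The reload rule from the message above, worked through on plain lists of key IDs, as an added example that is not part of the original post or of pacman-key. The function names, the sample key IDs and the list format (one ID per line, `#` comments allowed) are assumptions; `HoldKeys` is the option proposed in the thread.

```shell
#!/bin/sh
# Added example, not pacman-key code. Implements on key-ID lists:
#   keyring = (added + deprecated) - (removed - kept)

# Canonicalize IDs on stdin: strip comments, whitespace and a 0x prefix,
# uppercase, de-duplicate. Malformed entries are reported, never used.
normalize_ids() {
    awk '{
        sub(/#.*/, ""); gsub(/[ \t\r]/, ""); sub(/^0[xX]/, "")
        if ($0 == "") next
        id = toupper($0)
        if (id !~ /^[0-9A-F]+$/ || length(id) < 8) {
            print "skipping malformed key ID: " id > "/dev/stderr"; next
        }
        print id
    }' | sort -u
}

# Succeeds if ID ($1) is a member of the whitespace-separated list ($2).
in_set() {
    for _k in $2; do
        [ "$_k" = "$1" ] && return 0
    done
    return 1
}

# Print every ID of list $1 that is not in list $2.
set_minus() {
    for _id in $1; do
        in_set "$_id" "$2" || printf '%s\n' "$_id"
    done
}

# effective_removals REMOVED HOLD: removals that are really applied.
effective_removals() {
    set_minus "$(printf '%s\n' "$1" | normalize_ids)" \
              "$(printf '%s\n' "$2" | normalize_ids)"
}

# reload_keyring ADDED DEPRECATED REMOVED HOLD: IDs trusted after a reload.
reload_keyring() {
    _union=$(printf '%s\n%s\n' "$1" "$2" | normalize_ids)
    set_minus "$_union" "$(effective_removals "$3" "$4")"
}

# Constructed sample data: 4444DDDD belongs to a developer who left but still
# signs a third-party repo, so the user lists it in the proposed HoldKeys.
ADDED='1111AAAA
2222BBBB'
DEPRECATED='3333cccc   # deprecated, later removed
4444DDDD'
REMOVED='0x3333CCCC
4444dddd'
HOLD='4444DDDD'

echo "removed:"; effective_removals "$REMOVED" "$HOLD"
echo "keyring:"; reload_keyring "$ADDED" "$DEPRECATED" "$REMOVED" "$HOLD"
```

Normalizing before comparing matters here: a removal entry written as `0x3333CCCC` or in lower case must still match the same key in the added or deprecated list, otherwise the key would stay trusted.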

