
Re: tag2upload service architecture and risk assessment - draft v2



Scott Kitterman <debian@kitterman.com> writes:

> Several times people have said they feel it's important to be able to verify
> from contents of the archive.

Hi all,

Please forgive my ignorance if this is stupid, or if it's already been
discussed and I overlooked it. I'm not posing this as a suggestion, but
rather as a way for me to help myself understand the technical aspects
of this very interesting debate better.

Why could there not be specified new (complementary, not superseding!)
formats of .dsc and .changes files wherein those files are not expected
to be signed themselves, but instead are expected to refer to signed git
tags? When ftp-master sees this particular format, it could perform a
shallow git clone of the required tag, verify it, and consider that as
the source of the package. That source object in the archives is then
verifiably from the signer, and requires no intermediate service (apart
from the current problems of people changing keys etc.).

Obviously I'm missing something here, and I feel I'd learn something
interesting if someone could explain.

Thanks, and sorry for the potential small distraction from the
conversation.


 -- Gard

