Ian Jackson <ijack...@chiark.greenend.org.uk> writes:

> Russ Allbery writes ("Re: git & Debian packaging sprint report"):
>> If so, I think that security model is roughly equivalent to the
>> automatic signing of binary packages by buildds, so probably doesn't
>> introduce a new vulnerability, but my understanding was that the
>> identity of the signature on the source package was used in various
>> other places. Presumably we would need to introduce some new metadata
>> so that the uploader is mapped properly to the Git tag signer, rather
>> than to some internal identity of the source package construction
>> service.

> I think in general those places are probably mistakes. But I'm not
> aware of all of them. One way to look at this is that from the
> archive's point of view this robot is a kind of sponsor. I don't
> think anything will go badly wrong.

What if I'm actually sponsoring a package and use this tool to upload it? I feel like overwriting the sponsor information for the package would lose information.

--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>