06.04.2014 04:02, Jonathan McDowell wrote: > You're making an assumption that the key on the filesystem at > /usr/share/keyrings/debian-role-keys.gpg is the right one, which relies > on a whole extra chain of trust which I referred to above.
If the keys are in /usr/share/keyrings/debian-role-keys.gpg, their authenticity is verified by APT during installation. If the user doesn't trust the verification performed by APT, he should not trust the system anyway. Therefore, the user can generally trust the keys in /usr/share/keyrings/debian-role-keys.gpg without any additional verification. By the way, GPG makes it rather nontrivial to securely verify a trust path from key A to key B without marking the key A as trusted. For example, there is no option to print a fingerprint of a key which is used to sign a given key, and matching keys by ID is not secure, since an attacker can forge a key with the same ID as that of a legitimate key. -- To UNSUBSCRIBE, email to debian-live-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5340a0f8.2020...@gmail.com
