On Tue, Feb 25, 2014 at 10:51:56AM -0800, Russ Allbery wrote:
> Gunnar Wolf <gw...@gwolf.org> writes:
> > Ian Jackson dijo [Mon, Feb 24, 2014 at 05:57:57PM +0000]:
>
> >> I think this is a bug.
> >>
> >> It can increase security because it can make operations more
> >> convenient at the same level of security, and because people trade off
> >> convenience for security.
> >>
> >> For example, it would be possible to have one key for email encryption
> >> and a different (more secure) key for package uploads.
...
> For email signatures, don't quite a few more things care? All votes,
> db.debian.org operations, etc.
More relevantly an email signature isn't any different to a signature
for a package upload, so DDs would have to specify what the use for each
key was, keyring-maint would have to maintain appropriate keyrings
indicating what the expected use of a key was, and all the project
facilities that make use of signatures would have to make decisions
about which keyring they were using.
(Yes, for encryption that's a different situation but the only example I
can think of where the project uses encryption to a key in the keyring
at present is the initial account password / a password reset. And for
an encryption/signing split subkeys should be able to handle the desired
outcome, I think.)
J.
--
xmpp:nood...@earth.li
Time is an illusion. Lunchtime doubly so.
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140225201243.go27...@earth.li
