author: Joey Hess <joeyh@joeyh.name>, 2017-05-20 13:44:35 -0400
committer: Joey Hess <joeyh@joeyh.name>, 2017-05-20 13:44:35 -0400
commit: defcceae899729037d8088206a03c43c187b6705
tree: 6fa7fc2a13c54fdb262523ea7e339495dd39db80
parent: ac5dae52d17c513cfeeb050e8adacae18e11eda8
good idea!
-rw-r--r-- doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment | 28
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment b/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment
new file mode 100644
index 0000000..3270c33
--- /dev/null
+++ b/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment
@@ -0,0 +1,28 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2017-05-20T17:33:53Z"
+ content="""
+Very good idea!
+
+I suppose all it needs is a list of keyrings to check, and if it finds a
+key there, it can say "John Doe is a Debian developer" rather than the current
+"John Doe is probably a real person".
+
+This could be extended beyond distributions; individual software programs
+could also ship keyrings with their developer(s).
+
+So, how about rather than a hardcoded distro-specific list of keyrings,
+make debug-me look in /usr/share/debug-me/keyring/$project.gpg
+There could be an accompnying file $project.desc that describes the
+relationship to the project that being in their keyring entails. Eg,
+"Relationship: Debian developer" in debian.desc.
+
+In the debian package of debug-me, you could then symlink
+/usr/share/keyrings/debian-keyring.gpg to the debug-me keyring directory.
+
+The only risk is that some shady software project ships a keyring with a
+.desc file that contains "Debian developer", so debug-me will claim a bogus
+key is the key of a debian developer. But if a debug-me user is using such
+shady software, it's probably rooted their computer already..
+"""]]
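Review bot: The closing paragraph leaves the relationship text in $project.desc unauthenticated, so whatever debug-me displays ("John Doe is a Debian developer") is only as trustworthy as every package that can write into /usr/share/debug-me/keyring/. The comment should say how the user can tell which keyring made the claim, for example by having debug-me show the matching keyring file name next to the Relationship string, so a "Debian developer" claim that comes from a keyring other than debian.gpg is visible as such. The Debian packaging paragraph should also state the symlink's target name: the proposed lookup is $project.gpg paired with $project.desc, so /usr/share/keyrings/debian-keyring.gpg would need to be linked as debian.gpg for debian.desc to apply. Minor: "accompnying" should read "accompanying".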