author | Joey Hess <joeyh@joeyh.name> | 2017-05-20 13:44:35 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-05-20 13:44:35 -0400 |
commit | defcceae899729037d8088206a03c43c187b6705 (patch) | |
tree | 6fa7fc2a13c54fdb262523ea7e339495dd39db80 /doc | |
parent | ac5dae52d17c513cfeeb050e8adacae18e11eda8 (diff) | |
download | debug-me-defcceae899729037d8088206a03c43c187b6705.tar.gz |
good idea!
Diffstat (limited to 'doc')
-rw-r--r-- | doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment b/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment new file mode 100644 index 0000000..3270c33 --- /dev/null +++ b/doc/todo/use_distribution_keyrings/comment_1_e383699dbed1890a16e3dfa80bd60905._comment @@ -0,0 +1,28 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2017-05-20T17:33:53Z" + content=""" +Very good idea! + +I suppose all it needs is a list of keyrings to check, and if it finds a +key there, it can say "John Doe is a Debian developer" rather than the current +"John Doe is probably a real person". + +This could be extended beyond distributions; individual software programs +could also ship keyrings with their developer(s). + +So, how about rather than a hardcoded distro-specific list of keyrings, +make debug-me look in /usr/share/debug-me/keyring/$project.gpg +There could be an accompnying file $project.desc that describes the +relationship to the project that being in their keyring entails. Eg, +"Relationship: Debian developer" in debian.desc. + +In the debian package of debug-me, you could then symlink +/usr/share/keyrings/debian-keyring.gpg to the debug-me keyring directory. + +The only risk is that some shady software project ships a keyring with a +.desc file that contains "Debian developer", so debug-me will claim a bogus +key is the key of a debian developer. But if a debug-me user is using such +shady software, it's probably rooted their computer already.. +"""]] |
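Review bot: The final paragraph of the added comment acknowledges that a project could ship a .desc file containing "Debian developer" but leaves it unaddressed, and the design proposed in the "$project.desc" paragraph would have debug-me repeat the free-form "Relationship:" text as its own statement. Consider having debug-me show which keyring file the key was found in (the $project name) next to the relationship text, so the claim is attributed to the file that made it, and state in the comment that everything under /usr/share/debug-me/keyring/ is trusted equally, so whatever can install a file there can label a key. The .desc format is also only shown by one example line ("Relationship: Debian developer"); a sentence on whether other fields are allowed would help whoever implements it. Minor: "accompnying" should be "accompanying".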