Comment 43 for bug 125103

phobie (phobie) wrote :

@alsuren
> An https site certificate is enough trust for most users to trust the server

https does not help apt-get ...
apt-get needs signed packages and signed repositories.

> so the developer should not be forced to sign the ppa key

Not needed but nice to have.

> If the user's launchpad account is compromised, [...]
> If this happens then no amount of key revocation will stem the flow of chaos that the attacker is capable of.

An attacker cannot upload compromised packages unless he has the package-signing key!
Changing the signing fingerprint on Launchpad should only be possible if signed by the old key or with an email-verification system.

> What key removal should do to the PPA is a point for further discussion

It should only remove the signature from the repository.

> Any packages that were potentially modified by an attacker should be manually version bumped to clean them off users' systems

If a compromised package gets installed, the whole system could be compromised and needs to be reinstalled!
An updated package cannot always remove all changes, because a compromised package can download and execute virus add-ons which can do unpredictable stuff...