Opened at 2008-08-06T19:37:38Z
Closed at 2011-12-21T04:29:54Z
#497 closed task (wontfix)
we should sign the .debs published through our APT repository
Reported by: | warner | Owned by: | somebody |
---|---|---|---|
Priority: | major | Milestone: | eventually |
Component: | dev-infrastructure | Version: | 1.2.0 |
Keywords: | security install | Cc: | |
Launchpad Bug: |
Description
For both our internal server operations folks, and for the community at large, we should really have some sort of signature on the .debs that we create. Users could then add the allmydata key to their APT keyring and be less vulnerable to a compromised mirror.
Change History (3)
comment:1 Changed at 2008-08-06T19:42:45Z by warner
comment:2 Changed at 2010-03-25T01:23:44Z by davidsarah
- Keywords security install added
- Milestone changed from undecided to eventually
comment:3 Changed at 2011-12-21T04:29:54Z by warner
- Resolution set to wontfix
- Status changed from new to closed
We stopped creating and shipping .debs, leaving that to the debian/ubuntu maintainers. So we can close this as WONTFIX.
zandr points out that, once the debs are signed, you use "apt-key add FILENAME" to add a new public key to the trusted ring. "apt-key list" shows the currently trusted keys.