Re: PGP signing release

From: Curt Sampson <cjs(at)cynic(dot)net>
To: Greg Copeland <greg(at)CopelandConsulting(dot)Net>
Cc: PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PGP signing release
Date: 2003-02-12 00:27:15
Message-ID: Pine.NEB.4.51.0302120922380.6267@angelic.cynic.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, 11 Feb 2003, Greg Copeland wrote:

> On Wed, 2003-02-05 at 18:53, Curt Sampson wrote:
>
> [Re: everybody sharing a single key]
>
> This issue doesn't change regardless of the mechanism you pick. Anyone
> that is signing a key must take reasonable measures to ensure the
> protection of their key.

Right. Which is why you really want to use separate keys: you can determine
who compromised a key if it is compromised, and you can revoke one without
having to revoke all of them.

Which pretty much inevitably leads you to just having the developers use
their own personal keys to sign the release.

> Basically, you are saying:
> You trust a core developer
> You trust they can protect their keys
> You trust they can properly distribute their trust
> You don't trust a core developer with a key

Not at all. I trust core developers with keys, but I see no reason to
weaken the entire system by sharing keys when it's not necessary. Having
each developer sign the release with his own personal key solves every
problem you've brought up.

cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message scott.marlowe 2003-02-12 00:32:58 Re: Changing the default configuration (was Re:
Previous Message Rick Gigger 2003-02-12 00:25:29 Re: [HACKERS] Changing the default configuration (was Re: