incubator-general mailing list archives

From Benson Margulies <>
Subject Re: key signing
Date Thu, 11 Oct 2012 12:19:56 GMT
Greg having more or less restated my opening position ("how do we
improve assurance for probable actual users"), I'd throw in another

Threat analysis is all well and good, but please don't forget the
biggest principle here. If the assurance mechanism is so abstruse that
users won't understand it, or so complex that they can't use it, then
they won't, and they will be at the mercy of the dumbest possible

Before we worry about MITM, or subverted Apache infrastructure, I
claim that we should be offering users a simple, easy-to-understand
means of protecting against fraudulent packages. As per Greg, the
signatures do that. As per me, unsigned keys verified against Apache
infrastructure do that.

Over and above that, we could then ask, 'how could we improve
protection against most complex problems?'
