HackerTrans
トップ新着トレンドコメント過去質問紹介求人

xloem

no profile record

コメント

xloem
·5 年前·議論
> APT would maintain a list of allowed public primary keys.

You've blatantly forgotten the implication of TOFU regarding new debian keys. Without a way to certify debian's keys, there's no way to verify that installation media is correct any more. With PGP, there was the web of trust. Now there is TLS at best, no?

It seems the proposed specification lacks a crucial addition of keysigning.