Bug#855282: deprecating debrsign [was: Re: Bug#855282: debsign: support .buildinfo files]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 16 18:55:47 UTC 2017


On Thu 2017-02-16 12:23:00 -0500, Ximin Luo wrote:
> I haven't yet updated debrsign but I think that program is a bit
> pointless anyway, and have documented this in debsign(1): "note that
> it is probably safer to have your trusted signing machine use
> \fBdebsign\fR to connect to the untrusted non-signing machine, rather
> than using \fBdebrsign\fR to make the connection in the reverse
> direction."

fwiw, i agree with Ximin here.

If doing it the other way around isn't possible, a better option (given
the version of gpg that is available in stretch) is to forward the
gpg-agent's extra socket from the trusted machine to the remote machine
and use debsign directly on the remote/untrusted machine,
confirming access to the secret key material via gpg-agent's use of
pinentry on the trusted machine.

We should probably try to deprecate debrsign in general.

   https://codesearch.debian.net/search?q=debrsign

suggests it's only used in devscripts, referenced in the
developers-reference, and then as an obscure option in ui-auto.

I've just filed https://bugs.debian.org/855320 in developers-reference
to avoid encouraging its use.

ui-auto also appears to have a comparable ui-auto-rsign that parallels
this dangerous strategy.  I've filed another bug to try to get that
changed too (but i don't have the assigned bug report number yet).

     --dkg
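
The extra-socket forwarding suggested in the message above, as an added example that is not part of the original post or of devscripts: a script for the trusted machine that emits the `ssh_config` stanza and refuses to forward anything but the restricted socket. The host name `build.example`, the script name and the default socket names are assumptions.

```shell
#!/bin/sh
# Added example: build the ssh_config stanza that forwards the trusted
# machine's gpg-agent *extra* socket to an untrusted build host.
# Run on the trusted machine (script name and host are hypothetical):
#   sh forward-stanza.sh build.example >> ~/.ssh/config

# agent_forward_stanza HOST REMOTE_SOCK LOCAL_EXTRA_SOCK
agent_forward_stanza() {
    host=$1 remote_sock=$2 local_extra=$3
    # RemoteForward needs absolute Unix-socket paths on both ends.
    case $remote_sock in /*) ;; *) echo "remote socket not absolute" >&2; return 1 ;; esac
    case $local_extra in /*) ;; *) echo "local socket not absolute" >&2; return 1 ;; esac
    # Never expose the unrestricted agent or ssh sockets
    # (assumption: GnuPG's default socket names are in use).
    case ${local_extra##*/} in
        S.gpg-agent|S.gpg-agent.ssh)
            echo "refusing to forward full-privilege socket $local_extra" >&2
            return 1 ;;
    esac
    printf 'Host %s\n' "$host"
    printf '    RemoteForward %s %s\n' "$remote_sock" "$local_extra"
    # Fail the login instead of silently continuing without the agent.
    printf '    ExitOnForwardFailure yes\n'
}

main() {
    host=$1
    # Local side: the restricted socket meant for forwarding.
    local_extra=$(gpgconf --list-dirs agent-extra-socket) || return 1
    # Remote side: where gpg (and so debsign) looks for its agent.
    remote_sock=$(ssh "$host" gpgconf --list-dirs agent-socket) || return 1
    agent_forward_stanza "$host" "$remote_sock" "$local_extra"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The remote keyring needs only the public key, and the remote sshd needs `StreamLocalBindUnlink yes` so a stale socket from an earlier session is replaced.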