Ditching OpenPGP, a new approach to signing APT repositories

Bernhard Reiter bernhard at intevation.de
Tue Jun 29 08:37:56 CEST 2021

Am Sonntag 27 Juni 2021 18:56:15 schrieb Стефан Васильев via Gnupg-users:
> maybe interesting for some of you.
> https://wiki.debian.org/Teams/Apt/Spec/AptSign

This does not have references on the problems it is claiming to address.

No description of the context where it is supposed to be used
and what part it will play in the security.

Also there is no mention of how the trust relation of the public
keys will be established.

So not yet possible to evaluate the page, it looke like a 0.2 draft
in a wiki and probably gets to the point of being an interesting proposal 


www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210629/ec460d83/attachment.sig>

More information about the Gnupg-users mailing list