[DC LoCo] Security advisories

Luke Faraone luke at faraone.cc
Wed Jun 22 01:12:08 UTC 2011


On 06/20/2011 09:00 PM, Robert Simmons wrote:
> Why are Ubuntu and Debian security advisories signed by such a wide
> array of personal keys?  Is there a reason not to use a centralized
> single key, like security-officer at ubuntu.com or some such similar
> thing?

Because it's the person at Canonical that's doing the signing, not an
office.

This is the same way DSA is handled at Debian, and the way access is
controlled on the debian-devel-announce list; only posts signed with
keys of approved posters are allowed in. (IIRC)

Perhaps the messages should be re-signed / co-signed by some central key;
I suggest bringing this up on ubuntu-devel.

-- 
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506
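
The approved-poster check described in the message above, as an added example that is not part of the original post and is not the Debian or Ubuntu list software. It assumes the machine-readable status text of `gpg --status-fd 1 --verify` has already been captured for one message; the fingerprints, the sample status lines and the function name are constructed for illustration.

```python
# Added example: accept a post only when gpg reports exactly one valid
# signature and its primary key is on an approved-poster list.
APPROVED = {"A" * 40}  # constructed primary-key fingerprint (assumption)

# Status keywords after which the signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def signer_allowed(status_output, approved=APPROVED):
    """Return (accepted, detail) for one message's gpg status output."""
    primaries = []
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore human-readable output, trust status lines only
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            # args[0] is the key that made the signature (often a subkey);
            # the tenth field, when present, is the primary key fingerprint,
            # which is what an allow-list of people should be keyed on.
            primary = args[9] if len(args) >= 10 else args[0]
            primaries.append(primary.upper())
    if len(primaries) != 1:
        return False, "expected exactly one valid signature"
    if primaries[0] not in approved:
        return False, "signer not approved"
    return True, primaries[0]

# Constructed status output: signature made by subkey B..., primary key A...
SUBKEY_SIGNED = (
    "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Approved Poster <poster@example.org>\n"
    "[GNUPG:] VALIDSIG " + "B" * 40 +
    " 2011-06-22 1308705128 0 4 0 1 2 00 " + "A" * 40 + "\n"
)
# Constructed: cryptographically valid, but the signer is not on the list.
UNKNOWN_SIGNER = (
    "[GNUPG:] VALIDSIG " + "C" * 40 +
    " 2011-06-22 1308705128 0 4 0 1 2 00 " + "C" * 40 + "\n"
)
# Constructed: approved key, but gpg flags the key as expired.
EXPIRED_KEY = "[GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Approved Poster\n" + SUBKEY_SIGNED
```

Matching on the primary fingerprint rather than the signing subkey keeps the list stable when a poster rotates subkeys.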


More information about the Ubuntu-us-dc mailing list