@alsuren
> An https site certificate is enough trust for most users to trust the server
https does not help apt-get ...
apt-get needs signed packages and signed repositories.
> so the developer should not be forced to sign the ppa key
Not needed but nice to have.
> If the user's launchpad account is compromised, [...]
> If this happens then no amount of key revocation will stem the flow of chaos that the attacker is capable of.
An attacker cannot upload compromised packages unless he has the package-signing-key!
Changing the signing-fingerprint on launchpad should only be possible if signed by the old key or with an email-verification-system.
> What key removal should do to the PPA is a point for further discussion
It should only remove the signature from the repository.
> Any packages that were potentially modified by an attacker should be manually version bumped to clean them off users' systems
If a compromised package gets installed, the whole system could be compromised and needs to be reinstalled!
An updated package cannot always remove all changes because a compromised package can download and execute virus-addons which can do unpredictable stuff...