Comment 23 for bug 125103

Colin Watson (cjwatson) wrote :

Tomás Reyes: You say "This would ensure that the package comes from the PPA as intended", but actually, no, it wouldn't do that at all, it would just make people think it did that while in fact allowing trivial attacks. Please review my comment that I posted immediately before your own, in which I gave a simple demonstration of why it would ensure no such thing. You also said "If an uploader system is compromised, for example, and the personal keys and passwords are present in the system; the PPA would be compromised", and in a system with a single key for all PPAs there is no way to pass that information on to the user.

Designing cryptographic protocols (by which I mean the higher-level protocols, not just bit-banging) is not easy, and it is not wise to trust solely to instinct while doing so.