<christian.ehrhardt@canonical.com> wrote:
>
> On Thu, Sep 25, 2025 at 1:33 PM Robie Basak <racb@ubuntu.com> wrote:
> >
> > Without having gone into the security specifics in detail, this looks
> > great! I very much appreciate your initiative here - I think a set of
> > recommendations like this will make a difference, and I'm in favour of
> > the general direction of setting security guidelines and perhaps even
> > enforcing some of them in future to keep Ubuntu users safe.
>
> Thanks for the general support!
>
> > Some things that might be worth considering and appropriate text adding:
> >
> > 1) Who has control of the hardware key, knowledge of the passphrase and
> > control of the systems it is plugged into.
>
> totally reasonable - will add that
>
> > 2) Expectations of the above. The Ubuntu developer as an individual is
> > the only person authorised by Ubuntu and is expected to have exclusive
> > control of the key. If exclusive control is compromised then the key
> > should be revoked.
>
> same - will add that
>
> > 3) The importance of being in control of what the key is used to sign
> > (eg. an attack vector is that you activated your key to sign something
> > you thought was innocent but is actually controlled by an adversary).

I've added that, but in a softer tone to avoid ruling out people/setups too
easily while still keeping everyone vigilant about the potential risks.

> > 4) What actions to take if a key or signing compromise is suspected.

went to "known, but missing for now"

> > No need to block the PR on this but if not done now then perhaps these
> > could be added to an issue tracker somewhere to do later.

I've updated the PR [1] with content based on the discussions here and
further feedback that I've got.

- Add a section about control and ownership (thanks for the suggestions Robie)
- Refer to the glossary for signing keys
- List known missing aspects visible to the reader
- Acknowledge the lack of requirements for alternatives (from the
  discussion between Spyros and Aaron)
- Fix time-time: associate -> associated

[1]: https://github.com/ubuntu/ubuntu-project-docs/pull/182#issuecomment-3337587732

> I'll certainly add something for #1 and #2 today,
> for #3 and #4 I'll try but probably fall back to add a "known next
> steps" sections
> so things like these are not just missing but acknowledged to be needed yet
> for now undefined.
>
> That will help to not forget about these aspects and establish that we
> want to have them defined at some point.
>
> > Robie
>
>
>
> --
> Christian Ehrhardt
> Director of Engineering, Ubuntu Server
> Canonical Ltd
--
Christian Ehrhardt
Director of Engineering, Ubuntu Server
Canonical Ltd
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com