>
> Without having gone into the security specifics in detail, this looks
> great! I very much appreciate your initiative here - I think a set of
> recommendations like this will make a difference, and I'm in favour of
> the general direction of setting security guidelines and perhaps even
> enforcing some of them in future to keep Ubuntu users safe.
Thanks for the general support!
> Some things that might be worth considering and appropriate text adding:
>
> 1) Who has control of the hardware key, knowledge of the passphrase and
> control of the systems it is plugged into.
totally reasonable - will add that
> 2) Expectations of the above. The Ubuntu developer as an individual is
> the only person authorised by Ubuntu and is expected to have exclusive
> control of the key. If exclusive control is compromised then the key
> should be revoked.
same - will add that
> 3) The importance of being in control of what the key is used to sign
> (e.g. an attack vector is that you activated your key to sign something
> you thought was innocent but is actually controlled by an adversary).
>
> 4) What actions to take if a key or signing compromise is suspected.
>
> No need to block the PR on this but if not done now then perhaps these
> could be added to an issue tracker somewhere to do later.
I'll certainly add something for #1 and #2 today.
For #3 and #4 I'll try, but will probably fall back to adding a "known next
steps" section, so that things like these are not just missing but
acknowledged to be needed, yet for now undefined.
That will help to not forget about these aspects and establish that we
want to have them defined at some point.
> Robie
--
Christian Ehrhardt
Director of Engineering, Ubuntu Server
Canonical Ltd
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel