Thursday, 25 September 2025

Re: PGP key recommendations for Ubuntu Development

Without having gone into the security specifics in detail, this looks
great! I very much appreciate your initiative here - I think a set of
recommendations like this will make a difference, and I'm in favour of
the general direction of setting security guidelines and perhaps even
enforcing some of them in future to keep Ubuntu users safe.

Some things that might be worth considering and adding appropriate text for:

1) Who has control of the hardware key, knowledge of the passphrase and
control of the systems it is plugged into.

2) Expectations of the above. The Ubuntu developer as an individual is
the only person authorised by Ubuntu and is expected to have exclusive
control of the key. If exclusive control is compromised then the key
should be revoked.

3) The importance of being in control of what the key is used to sign
(e.g. an attack vector is that you activated your key to sign something
you thought was innocent but is actually controlled by an adversary).

4) What actions to take if a key or signing compromise is suspected.

No need to block the PR on this but if not done now then perhaps these
could be added to an issue tracker somewhere to do later.

Robie
