mirror of
https://git.dpkg.org/git/dpkg/debsig-verify.git
synced 2025-10-31 02:35:54 +00:00
62 lines
2.5 KiB
Plaintext
62 lines
2.5 KiB
Plaintext
* Add tests for no matched IDs.
|
|
|
|
* Add tests for weak algorithms in keys.
|
|
|
|
* Add tests for key expiry.
|
|
|
|
* Add tests for optional, reject selections/verification policies.
|
|
|
|
* Add tests for failing required verifications.
|
|
|
|
* Add tests for multiple UIDs or keys, need fixes in code.
|
|
|
|
* Update comments in example policies.
|
|
|
|
* Redesign format:
|
|
- Should be stored in a sigs.tar ar member.
|
|
- Should be able to add other origin signatures (namespace them?).
|
|
- Should sign entire thing up to the sigs.tar member, no need to extract
|
|
and concat.
|
|
- Namespace the contents within sigs.tar with openpgp/ so that perhaps
|
|
other signatures can be added there, such as secure-boot, or IMA.
|
|
- Install these signatures into the dpkg db, for later retrieval? For
|
|
OpenPGP might not make sense, but it might for secure-boot.
|
|
- How to handle key rotation or different keys for different archive or
|
|
releases from the same origin?
|
|
- We sould require only OpenPGP verification, no additional introspection
|
|
of OpenPGP objects. This would allow using SOP or even SOPV.
|
|
|
|
* Redesign policies:
|
|
- Do not require XML.
|
|
- Do not require fetching the fingerprint for signatures and keys.
|
|
- Use the origin name as entry point, and role names to refer to keyrings.
|
|
- Do we need to be able to also pin a certificate to a specific package in
|
|
addition to an origin?
|
|
- Use filesystem as policy declaration? For example:
|
|
<policy-dir>/keyrings/debian/origin.pgp
|
|
<policy-dir>/keyrings/debian/role-maint.pgp
|
|
<policy-dir>/keyrings/debian/role-uploader.pgp
|
|
<policy-dir>/keyrings/debian/role-builder.pgp
|
|
- Use a deb822 file for a policy file to denote optional/required/reject?
|
|
|
|
* Given that GnuPG has opted out from the OpenPGP specification and will
|
|
not be adopting new revisions (including the current one, RFC9580),
|
|
we should be moving away from any reliance on it. The redesign work
|
|
mentioned above, is one of the pre-requisites for this.
|
|
|
|
* Figure out how to integrate this more tightly with the package tools
|
|
(apt, dpkg etc..).
|
|
- Move all .deb format handling into libdpkg.
|
|
- Merge into dpkg-deb, once the only dependency is sopv/sqv (and perhaps
|
|
gpgv for portability, or perhaps rnp).
|
|
|
|
* Add some more info to the verbose output.
|
|
STATUS: in progress
|
|
|
|
* Obviously this needs more code auditing.
|
|
- The code uses static buffers and length constrained functions (snprintf,
|
|
strncmp) where ever possible, but in some cases it might make sense to
|
|
switch them to dynamically allocated buffers instead.
|
|
|
|
* I18n and l10n.
|