Re: [RFC/POC] Support checks for signify signature inside xbps-src

[eli-schwartz <eli-schwartz@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 1471 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/pull/28400#issuecomment-771959898

Comment:
> If crypto system only considers happy path it's not that useful.

It considers both the happy path and the unhappy path.

It considers the happy path by saying "yay, let's be happy".
It considers the unhappy path by saying "oh no, looks like you're going to feel unhappy now".

I don't see the problem here.
- Are you optimizing for "I just want to package something, anything, that people put in front of me, and this will stop me from doing so"?
- Are you optimizing for "I want to make sure I'm packaging the right stuff, and not packaging the wrong stuff, and this will help me tell the difference"?

Do you have a reasonable expectation that people are going to be losing their security tokens, not have them securely backed up (e.g. printout in a safe or bank deposit box), and then be unable to be contacted IRL to provide legal evidence of ID connecting an old security token to a new security token?

If the Void repos suddenly lost the private key used to sign repodata, what would you do?

If a Void team member suddenly lost their github login and showed up the next day with a new account e.g. @Chocimier2 and insisted "yes I am the same person, please believe me and add me to the github org with push rights", what is your ideal proposed mechanism to verify the truthfulness of this statement?