Something-driven development

Software development thoughts around Ubuntu, Python, Golang and other tools

Trusted software archives


During the Ubuntu Developer Summit there were a number of discussions around how Debian-based operating systems, such as Ubuntu, can best enable people to add trusted software archives to their computers (see the blueprint AptURL-policy for Ubuntu Karmic).

As far as I understood, there are three competing issues:

  1. There is currently no easy way for a person to evaluate whether a software archive might be trustworthy, other than trusting a centralized white-list;
  2. Installing software directly from a web-browser click should be minimized and discouraged;
  3. There should be an easy way for people to share (and maintain) software that they develop.

I’m only going to discuss the first point here. DoctorMo has some great mockups demonstrating GPG keys being used for identity and software trustworthiness, but a few people have commented on the problem of confusing the “web-of-(identity)-trust” that GPG keys currently provide with some sort of general trust that the identified person will be responsible with my computer.

Reading all the comments there leaves me wondering whether we should stop using the phrase “web-of-trust” and instead use the more verbose “web-of-identity-trust” to avoid confusion, even though it doesn’t roll off the tongue so easily. I love Martin’s idea (the concern is real) but am wondering how it could be implemented in a decentralised way.

Of course, it would be possible to add this as an API feature of Launchpad. My feeling is that Launchpad should be a source of the social value of an archive (i.e. user ratings etc.), but not necessarily a source of this fundamental trust relationship.

So here is an idea: what if the repository contained this infrastructure itself, such as a directory of meta-information, ‘identities-who-trust-this-archive’, which contained signed trust files ‘trust-of-canonical.txt’ or ‘trust-of-joe-bloggs.txt’. The text could just be a standard paragraph, or be modified by the signer if needed. The installer on the operating system would allow the user to check the trust text and the identity that signed it. Could this work? Can anyone see any issues? (Hmm… revoking trust would not be possible without revoking the key used to sign the document?)
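The directory-of-signed-trust-files idea above, modelled as an added shell example that is not part of the post: a hypothetical signer “Joe Bloggs” (constructed identity, throwaway key) clearsigns a trust statement into ‘identities-who-trust-this-archive/trust-of-joe-bloggs.txt’, and the installer-side check accepts the file only when the signature verifies, reporting the signing key’s fingerprint so it can be compared with the identity the user expects. It assumes gpg 2.1 or later and runs entirely inside a temporary GNUPGHOME.

```shell
#!/bin/sh
# Added example (not from the post): a mock 'identities-who-trust-this-archive'
# directory holding a gpg clearsigned trust file, plus the installer-side check.
# A throwaway GNUPGHOME keeps the demo away from any real keyring.
set -eu
export GNUPGHOME="$(mktemp -d)"
ARCHIVE="$(mktemp -d)"                       # constructed stand-in for an archive
TRUST_DIR="$ARCHIVE/identities-who-trust-this-archive"
SIGNER="joe@example.invalid"                 # hypothetical signer identity
TRUST_FILE="$TRUST_DIR/trust-of-joe-bloggs.txt"
STATEMENT="I, Joe Bloggs, trust the software published in this archive."

# Signer side: create a key (no passphrase, for the demo only) and publish a
# clearsigned trust statement into the archive's meta-information directory.
make_signer() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "Joe Bloggs <$SIGNER>" default default never
}
publish_trust() {
  mkdir -p "$TRUST_DIR"
  printf '%s\n' "$STATEMENT" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --clearsign --local-user "$SIGNER" > "$TRUST_FILE"
}
# Primary-key fingerprint of the identity the installer already knows about.
signer_fingerprint() {
  gpg --batch --with-colons --list-keys "$SIGNER" | awk -F: '/^fpr:/ {print $10; exit}'
}

# Installer side: a trust file counts only if its signature is VALID; on
# success print the primary-key fingerprint (last field of VALIDSIG) so the
# caller can match it against the expected identity. Non-zero exit otherwise.
verify_trust_file() {
  gpg --batch --status-fd 1 --verify "$1" 2>/dev/null |
    awk '/^\[GNUPG:\] VALIDSIG / {print $NF; ok=1} END {exit !ok}'
}
# The signed paragraph itself, as it would be shown to the user.
trust_text() {
  gpg --batch --quiet --decrypt "$1" 2>/dev/null
}
```

The post’s own caveat still applies to this layout: withdrawing a statement means revoking the signing key (or the statement carrying an expiry), since the file validates for as long as the key does.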


Written by Michael

June 2, 2009 at 9:35 am


One Response


  1. Sounds like you have some great ideas yourself.


    June 3, 2009 at 4:03 am
