Score:0

Can I co-sign a repo for maximum security? In other words: only update with their signature + mine (auditing ProtonVPN)


According to https://protonvpn.com/support/official-linux-vpn-debian/, to install ProtonVPN on Ubuntu, I should just download the .deb, which installs the protonvpn repo:

deb [signed-by=/usr/share/keyrings/protonvpn-stable-archive-keyring.gpg] https://repo.protonvpn.com/debian stable main

then sudo apt update && sudo apt-get install protonvpn

The ProtonVPN app is a Python one, and it's distributed as source code, so I can audit it directly from source code.

Is there a way to require a second signature, from me, to download the newest ProtonVPN? This way I could audit the app before updating to a new version.

The ideal for me would not be to have my own repo, which would be dangerous, but to require both their AND my signature. I'd inspect the code from another computer and sign.

muru:
What exactly do you think you'll be signing?
@muru whatever is distributed through apt. In this case, the source of the app
muru:
But you don't have access to the original to sign it, and you don't want to make a copy on which your signature can be added.
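
One way to approximate the second-signature gate asked about above, as an added example that is not part of the original thread: the vendor's signature stays enforced by apt through `signed-by`, and a local wrapper installs a downloaded .deb only when its SHA-256 appears in a manifest signed with the auditor's own key. The keyring path, the manifest file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local "second signature" gate for a vendor .deb.
# Assumptions (not from the thread): the auditor's exported public key is in
# AUDITOR_KEYRING, and approvals are lines "<sha256>  <file name>" in a
# manifest signed on the audit machine with:
#   gpg --detach-sign --output approved.sha256.sig approved.sha256

AUDITOR_KEYRING="${AUDITOR_KEYRING:-/etc/apt/auditor-keyring.gpg}"  # hypothetical path

# Succeeds only if the manifest carries a valid signature from the auditor key.
manifest_is_signed() {  # manifest_is_signed <manifest> <detached-sig>
    gpgv --keyring "$AUDITOR_KEYRING" "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if the .deb's SHA-256 is listed in the manifest.
deb_is_approved() {  # deb_is_approved <deb> <manifest>
    [ -r "$1" ] && [ -r "$2" ] || return 1
    digest=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    # Refuse anything that is not a full 64-character digest (fail closed).
    [ "${#digest}" -eq 64 ] || return 1
    # Compare against the whole first field, so a partial digest cannot match.
    awk -v d="$digest" '$1 == d { found = 1 } END { exit !found }' "$2"
}

# Install only when both checks pass. The vendor signature was already
# checked by apt when the package was fetched with "apt-get download".
gated_install() {  # gated_install <deb> <manifest> <detached-sig>
    manifest_is_signed "$2" "$3" || { echo "manifest signature invalid" >&2; return 2; }
    deb_is_approved "$1" "$2"    || { echo "package not approved: $1" >&2; return 3; }
    dpkg -i "$1"
}

# Typical flow (run as root):
#   apt-mark hold protonvpn       # keep apt from upgrading the package itself
#   apt-get download protonvpn    # fetch the candidate .deb for the audit
#   gated_install ./protonvpn_*.deb approved.sha256 approved.sha256.sig
```

The signature covers a list of hashes rather than the package, so no second repository or re-signed copy of the .deb is needed.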