On Fri, 2003-11-21 at 21:09, Yi Qiang wrote:
> I think this has been brought up many times before, but as most of us
> know, many of the Debian servers have been compromised recently. This
> has reinstated fear into many people about how "trustful" our distfile
> repositories really are. If indeed one is compromised it would be too
> easy for someone to slip a backdoor into a package, especially since I
> and a lot of other Gentoo users simply ignore md5 checksums. If a
> digest fails we simply ebuild foo.ebuild digest it again. I think an
> option should be made that would allow failing packages if gpg fails. (I
> think Redhat does something like this) This of course is not a fool
> proof way, but a big improvement over what is currently done to ensure
> package integrity.

If the key server/signature is compromised you have gained nothing over
the way we have it now. Adding it is just another way for something to
go wrong.

As for users doing ebuild foo.ebuild digest blindly - that's a good way
to put your box at serious risk.


--
Regards,
-Lisa
<Vix ulla tam iniqua pax, quin bello vel aequissimo sit potior>