| 1 |
On Fri, 2003-11-21 at 21:09, Yi Qiang wrote: |
| 2 |
> I think this has been brought up many times before, but as most of us |
| 3 |
> know, many of the debian servers have been compromised recently. This |
| 4 |
> has reinstated fear into many people about how "trustful" our distfile |
| 5 |
> repositories really are. If indeed one is compromised it would be too |
| 6 |
> easy for someone to slip a backdoor into a package, especially since I |
| 7 |
> and a lot of other gentoo users simply ignore md5 checksums. If a |
| 8 |
> digest fails we simply ebuild foo.ebuild digest it again. I think an |
| 9 |
> option should be made that would allow failing packages if gpg fails. (I |
| 10 |
> think Redhat does something like this) This of course is not a fool |
| 11 |
> proof way, but a big improvement over what is currently done to ensure |
| 12 |
> package integrity. |
| 13 |
|
| 14 |
If the key server/signature is compromised you have gained nothing over |
| 15 |
the way we have it now. Adding it is just another way for something to |
| 16 |
go wrong. |
| 17 |
|
| 18 |
As for users doing ebuild foo.ebuild digest blindly - that's a good way |
| 19 |
to put your box at serious risk. |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
Regards, |
| 24 |
-Lisa |
| 25 |
<Vix ulla tam iniqua pax, quin bello vel aequissimo sit potior> |
Archives