Lisa Seelye wrote:
> On Fri, 2003-11-21 at 21:09, Yi Qiang wrote:
>
>>I think this has been brought up many times before, but as most of us
>>know, many of the Debian servers have been compromised recently. This
>>has reinstated fear into many people about how "trustful" our distfile
>>repositories really are. If indeed one is compromised it would be too
>>easy for someone to slip a backdoor into a package, especially since I
>>and a lot of other Gentoo users simply ignore md5 checksums. If a
>>digest fails we simply ebuild foo.ebuild digest it again. I think an
>>option should be made that would allow failing packages if gpg fails. (I
>>think Red Hat does something like this) This of course is not a foolproof
>>way, but a big improvement over what is currently done to ensure
>>package integrity.
>
>
> If the key server/signature is compromised you have gained nothing over
> the way we have it now. Adding it is just another way for something to
> go wrong.
>
> As for users doing ebuild foo.ebuild digest blindly - that's a good way
> to put your box at serious risk.

I agree that the current system is good the way it is. If someone is dumb enough to ignore
a failing MD5 on anything other than MPlayer fonts, and I'm sure most of us have done
'ebuild digest mplayer-x.xx.ebuild' at one point or another (I have), another check isn't
going to keep them from opening up their box, anyway.

--
Andrew Gaffney

--
gentoo-dev@g.o mailing list