| 1 |
Lisa Seelye wrote: |
| 2 |
> On Fri, 2003-11-21 at 21:09, Yi Qiang wrote: |
| 3 |
> |
| 4 |
>>I think this has been brought up many times before, but as most of us |
| 5 |
>>know, many of the debian servers have been compromised recently. This |
| 6 |
>>has reinstated fear into many people about how "trustful" our distfile |
| 7 |
>>repositories really are. If indeed one is compromised it would be too |
| 8 |
>>easy for someone to slip a backdoor into a package, especially since I |
| 9 |
>>and a lot of other gentoo users simply ignore md5 checksums. If a |
| 10 |
>>digest fails we simply ebuild foo.ebuild digest it again. I think an |
| 11 |
>>option should be made that would allow failing packages if gpg fails. (I |
| 12 |
>>think Redhat does something like this) This of course is not a fool |
| 13 |
>>proof way, but a big improvement over what is currently done to ensure |
| 14 |
>>package integrity. |
| 15 |
> |
| 16 |
> |
| 17 |
> If the key server/signature is compromised you have gained nothing over |
| 18 |
> the way we have it now. Adding it is just another way for something to |
| 19 |
> go wrong. |
| 20 |
> |
| 21 |
> As for users doing ebuild foo.ebuild digest blindly - that's a good way |
| 22 |
> to put your box at serious risk. |
| 23 |
|
| 24 |
I agree that the current system is good the way it is. If someone is dumb enough to ignore |
| 25 |
a failing MD5 on anything other than MPlayer fonts, and I'm sure most of us have done |
| 26 |
'ebuild digest mplayer-x.xx.ebuild' at one point or another (I have), another check isn't |
| 27 |
going to keep them from opening up their box, anyway. |
| 28 |
|
| 29 |
-- |
| 30 |
Andrew Gaffney |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-dev@g.o mailing list |
Archives