From: | Maik Schreiber <blizzy@g.o> | ||
---|---|---|---|
To: | spider@g.o | ||
Cc: | gentoo-core@g.o, gentoo-dev@g.o | ||
Subject: | [gentoo-dev] Re: [gentoo-core] on the matter of security and cryptography | ||
Date: | Sun, 04 Aug 2002 12:13:17 | ||
Message-Id: | 34099.80.137.173.49.1028481095.squirrel@mail.iq-computing.de | ||
In Reply to: | [gentoo-dev] on the matter of security and cryptography by Spider |
1 | > how do we avoid infringment into the keys (unauthorized keys added?) and |
2 | |
3 | We don't need to. |
4 | |
5 | > thus enabling an attacker to sign the modified ebuilds/patches and have |
6 | > them check as clean? |
7 | |
8 | Isn't that the whole point of signatures? You can fake them unless you |
9 | have the private key. There's no need to block out other keys in the |
10 | keyring if we check for The Right Ones (tm). |
11 | |
12 | -- |
13 | Maik Schreiber, Gentoo Developer |
14 | http://www.gentoo.org |
15 | mailto:blizzy@g.o |
Subject | Author |
---|---|
[gentoo-dev] Re: [gentoo-core] on the matter of security and cryptography | Spider <spider@g.o> |