Archives
Archives
| From: | Maik Schreiber <blizzy@g.o> | ||
|---|---|---|---|
| To: | spider@g.o | ||
| Cc: | gentoo-core@g.o, gentoo-dev@g.o | ||
| Subject: | [gentoo-dev] Re: [gentoo-core] on the matter of security and cryptography | ||
| Date: | Sun, 04 Aug 2002 12:13:17 | ||
| Message-Id: | 34099.80.137.173.49.1028481095.squirrel@mail.iq-computing.de | ||
| In Reply to: | [gentoo-dev] on the matter of security and cryptography by Spider |
||
| 1 | > how do we avoid infringment into the keys (unauthorized keys added?) and |
| 2 | |
| 3 | We don't need to. |
| 4 | |
| 5 | > thus enabling an attacker to sign the modified ebuilds/patches and have |
| 6 | > them check as clean? |
| 7 | |
| 8 | Isn't that the whole point of signatures? You can fake them unless you |
| 9 | have the private key. There's no need to block out other keys in the |
| 10 | keyring if we check for The Right Ones (tm). |
| 11 | |
| 12 | -- |
| 13 | Maik Schreiber, Gentoo Developer |
| 14 | http://www.gentoo.org |
| 15 | mailto:blizzy@g.o |
| Subject | Author |
|---|---|
| [gentoo-dev] Re: [gentoo-core] on the matter of security and cryptography | Spider <spider@g.o> |