On Sat, Mar 26, 2011 at 10:12:10AM +0100, Andreas K. Huettel wrote:
> 3) Rely on an existing key list somewhere distributed in portage; the list
...
> Cons: Mainly that the key id is a pretty short hash afaik. (Any better-informed
> people around?)
You can use the long-format key IDs if you want.
0xB27B944E34884E85 is my long-form key.

> Am I missing something?
In my tree-signing GLEPs, I explicitly pointed out that the developer
signing of content only had real value for the developer->CVS
part of the chain. Specifically, that while building the rsync tree for
distribution, we can verify that the content we are preparing was indeed
from a developer.

Please re-read GLEP57.

Everything in this thread has been attempting to apply solutions to 'Process
#1' (developer->infrastructure) to provide direct security for the end
user after 'Process #2' (infrastructure->mirrors->users).

What can we be certain of?
1. Developers should be signing manifests.
2. Infrastructure should be verifying those commits before pushing out
to rsync.
3. Regardless of their choice of rsync or websync, users need to be able
to verify that the tree that left Infrastructure was not modified in
transit.

I see so many bad ideas mentioned in this thread. The suggestions to
keep a gpg-agent with a very long passphrase TTL just provide a massive
new security hole:
===
Attacker breaks into developer's system, has access to SSH agent and GPG
agent thanks to software like keychain, now can commit as that
developer.
===
Is this the easiest attack? No, certainly not; looking at mirrors,
potentially running a deliberate selective malicious mirror
would be much easier.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
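The exchange above turns on how much of a key a "short" versus "long-format" key ID actually identifies. For OpenPGP v4 keys the fingerprint is 160 bits, the long key ID is its low 64 bits and the short key ID its low 32 bits, so a long ID can be checked against a published fingerprint by suffix comparison. The following is an added example, not code from the thread or from Gentoo's tooling; the only non-constructed values in it are the fingerprint and long key ID quoted from the message above, and the function names are my own.

```python
import re

# Values taken from the message above (the only non-constructed inputs here).
SAMPLE_FINGERPRINT = "11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85"
SAMPLE_LONG_ID = "0xB27B944E34884E85"


def normalize_hex(value):
    """Drop spaces and an optional 0x prefix; return upper-case hex or raise."""
    cleaned = value.replace(" ", "").upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("not a hex string: %r" % (value,))
    return cleaned


def key_ids_from_fingerprint(fingerprint):
    """Derive the short (32-bit) and long (64-bit) key IDs from a v4 fingerprint.

    A v4 fingerprint is 40 hex digits (160 bits); the long key ID is the
    trailing 16 digits and the short key ID the trailing 8 digits.
    """
    fp = normalize_hex(fingerprint)
    if len(fp) != 40:
        raise ValueError("v4 fingerprint must be 40 hex digits, got %d" % len(fp))
    return {"fingerprint": fp, "long": fp[-16:], "short": fp[-8:]}


def key_id_matches(key_id, fingerprint):
    """True iff key_id (short or long, any formatting) is the matching suffix
    of fingerprint.  A match only shows the ID was transcribed correctly; it
    does not prove the key is unique, since colliding IDs are possible."""
    kid = normalize_hex(key_id)
    ids = key_ids_from_fingerprint(fingerprint)
    if len(kid) == 8:
        return ids["short"] == kid
    if len(kid) == 16:
        return ids["long"] == kid
    raise ValueError("key ID must be 8 or 16 hex digits, got %d" % len(kid))


def id_bits(key_id):
    """How many bits of the fingerprint a given key ID actually commits to."""
    return 4 * len(normalize_hex(key_id))


if __name__ == "__main__":
    ids = key_ids_from_fingerprint(SAMPLE_FINGERPRINT)
    print("long  key ID:", ids["long"], "(%d bits)" % id_bits(ids["long"]))
    print("short key ID:", ids["short"], "(%d bits)" % id_bits(ids["short"]))
    print("announced long ID matches fingerprint:",
          key_id_matches(SAMPLE_LONG_ID, SAMPLE_FINGERPRINT))
```

The point for a key list distributed in the tree is visible in `id_bits`: a short ID commits to 32 bits and a long ID to 64, whereas the fingerprint commits to all 160, so a list meant to pin developer keys should carry full fingerprints and treat IDs as lookup hints only.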