Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Paul de Vrieze <pauldv@g.o>
From: John Nilsson <john@...>
Subject: Re: Redux: 2004.1 will not include a secure portage.
Date: Mon, 29 Mar 2004 15:02:39 +0200
You have to trust the device that you interface with in any case. If the
computer is compromised, how do you know that the message you pipe
through for signing is the same as on the screen?

-John

On Mon, 2004-03-29 at 10:47, Paul de Vrieze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sunday 28 March 2004 18:39, Sami Näätänen wrote:
> 
> > To do what?
> >
> > The master key will not be present there.
> > And if you don't provide those keys that are in the card the keys you
> > make with the trojaned machine can't be validated with the master
> > public key.
> 
> That would only work if the external device actually performs the 
> singing. Not when the key itself is readable by the computer the device 
> is inserted in. I don't know if it would be possible to acquire such a 
> device allthough they probably exist.
> 
> Paul
> 
> - -- 
> Paul de Vrieze
> Gentoo Developer
> Mail: pauldv@g.o
> Homepage: http://www.devrieze.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> 
> iD8DBQFAZ+K5bKx5DBjWFdsRAsvmAJ4sxzDl7z05qvloegttB5Omm1FsFQCgsttT
> DMv+RqOgr9ZnMLxArOOxMaI=
> =JzOQ
> -----END PGP SIGNATURE-----
> 
> --
> gentoo-dev@g.o mailing list
> 
Attachment:
signature.asc (This is a digitally signed message part)
Replies:
Re: Redux: 2004.1 will not include a secure portage.
-- Joshua Brindle
References:
2004.1 will not include a secure portage.
-- Kurt Lieber
Re: Redux: 2004.1 will not include a secure portage.
-- Robin H. Johnson
Re: Redux: 2004.1 will not include a secure portage.
-- Sami Näätänen
Re: Redux: 2004.1 will not include a secure portage.
-- Paul de Vrieze
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Redux: 2004.1 will not include a secure portage.
Next by thread:
Re: Redux: 2004.1 will not include a secure portage.
Previous by date:
Re: Problems with emerge -g option...
Next by date:
Re: Problems with emerge -g option...


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.