| 1 |
On Thursday 25 March 2004 14:38, Jesse Nelson wrote: |
| 2 |
> |
| 3 |
> well if you move key verification into (or in addition to) the build |
| 4 |
> process and make it aware of key servers. Invalidate a key on the |
| 5 |
> keyserver and portage can refuse to build anything signed by DevX(or key X) |
| 6 |
> or under pauls proposal a whole tree could be deemed untrusted. |
| 7 |
> |
| 8 |
> just by allowing a check on emerge to verify your local keyring is still |
| 9 |
> fresh etc. this doesn't require a new tree, and would work for ppl that are |
| 10 |
> periodically online etc. Keyring maintenance would have to be a tool |
| 11 |
> outside of portage altogether tho. |
| 12 |
|
| 13 |
Yup but you can't invalidate a key on the keyserver in the case of a rogue |
| 14 |
developer. If you're online, why not update the portage tree, get all the new |
| 15 |
security updates etc. and the ACLs in one go? Putting the allowed keys and |
| 16 |
access lists into the portage tree makes the most sense to me. Otherwise |
| 17 |
you're going to have to synchronise them anyway! |
| 18 |
|
| 19 |
> <rant> |
| 20 |
> I would love to see it so that if ppl who are running prod servers want to |
| 21 |
> verify against 3 public sources all sigs they could and its all built in. |
| 22 |
> this would outpace every other oss distro out there in terms of package |
| 23 |
> security. If they only want packages that have had a few devs look @ them |
| 24 |
> they can set that as well. If joe-user doesnt give a dam he can turn all |
| 25 |
> paranoia checks off. It's keeping with the "gentoo way" IMHO. </rant> |
| 26 |
|
| 27 |
I couldn't agree more. |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-dev@g.o mailing list |
Archives