Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Thu, 19 Feb 2009 22:00:45
Message-Id: 20090219213344.GC20371@curie-int.orbis-terrarum.net
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by Robert Buchholz
On Thu, Feb 19, 2009 at 10:47:33AM +0100, Robert Buchholz wrote:
> > Your count of needing to attack two boxes presently is wrong. Just > > pick some community rsyncNN.CC.gentoo.org that also hosts distfiles > > via HTTP/FTP, and attack that box, replacing both a Manifest and the > > distfile. > The rsync attack can be avoided by using the signed tree tarballs. > The DIST hash attack can't.
Err, unless I'm missing something, the signed-tree stuff (as tarballs or MetaManifest per my GLEPs) does prevent the DIST hash issue as well. For a signed tree (where the Manifests and full tree contents are verifiable), I don't see how you would subvert a distfile and NOT have it detected (short of defeating the hash functions). -- Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

Replies

Subject Author
Re: [gentoo-scm] gentoo-x86 on git - Manifests Robert Buchholz <rbu@g.o>