Gentoo Archives: gentoo-scm

From: Robert Buchholz <rbu@g.o>
To: gentoo-scm@l.g.o
Cc: "Robin H. Johnson" <robbat2@g.o>
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Thu, 19 Feb 2009 09:47:38
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by "Robin H. Johnson"
On Thursday 19 February 2009, Robin H. Johnson wrote:
> On Wed, Feb 18, 2009 at 11:27:41PM +0100, Robert Buchholz wrote:
> > It'll also ease attacks on distfiles when first mirroring them.
>
> Umm, no, you missed part of what I said. I noted that the newer
> Manifests in Git would contain the hashes for ONLY the distfiles, not
> for other files. Distfiles suffer zero reduction in security.
> The master box is NEVER generating the hash for a distfile.
True, you made a different point. My argument was intended to address the proposal (at least as far as I understood it) in the previous mail (see cut below). But it's a good thing we agree that having the DIST Manifest inside the repository is a vital feature!

------------------------------------------------------------------------

On Wednesday 18 February 2009, Donnie Berkholz wrote:
> On 08:05 Mon 16 Feb , Maciej Mrozowski wrote:
> > Hence the question - is it possible to *not* store and .gitignore
> > Manifests in a git controlled portage repository?
> > As portage metadata is regenerated, maybe it would be as well
> > possible to regenerate manifests on server?
> > I guess it would be possible but ineffective as it would require
> > all needed distfiles to be present as well and this is
> > unacceptable.
>
> Well, if you did the generation on the master mirror, this would be
> fine for the main tree. How about overlays, though?
> > hash and (2) only one box would need to be attacked via
> > man-in-the-middle, whereas it is currently two.
>
> Your count of needing to attack two boxes presently is wrong. Just
> pick some community that also hosts distfiles
> via HTTP/FTP, and attack that box, replacing both a Manifest and the
> distfile.
The rsync attack can be avoided by using the signed tree tarballs. The DIST hash attack can't.

Robert
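The check this thread is arguing about, as an added example that is not part of the mail above and not Portage's own code: a small verifier for the DIST entries of a Manifest2 file (`DIST <file> <size> <ALGO> <hex> ...`), run through the three situations the thread describes. The distfile name, the file contents and the Manifest lines are constructed here for illustration; the `make_dist_line` helper stands in for the maintainer's digest step and, equally, for what a mirror-side regeneration or an attacker on that mirror would do.

```python
import hashlib
from typing import Dict, List, Tuple

# Hash names as they appear in Manifest2 DIST entries, mapped to hashlib names.
HASH_ALGOS = {"SHA256": "sha256", "SHA512": "sha512", "BLAKE2B": "blake2b"}

ManifestEntries = Dict[str, Tuple[int, Dict[str, str]]]


def parse_manifest(text: str) -> ManifestEntries:
    """Parse the DIST lines of a Manifest2 file into {filename: (size, {ALGO: hex})}.

    Only DIST entries describe distfiles fetched from mirrors, so AUX, EBUILD and
    MISC lines are skipped here.
    """
    entries: ManifestEntries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue
        name, size = fields[1], int(fields[2])
        pairs = fields[3:]
        if len(pairs) % 2:
            raise ValueError(f"malformed DIST line: {line!r}")
        digests = {pairs[i].upper(): pairs[i + 1].lower() for i in range(0, len(pairs), 2)}
        entries[name] = (size, digests)
    return entries


def verify_distfile(name: str, data: bytes, manifest: ManifestEntries) -> List[str]:
    """Return the reasons a distfile fails verification; an empty list means it passes."""
    if name not in manifest:
        return [f"{name}: no DIST entry in Manifest"]
    size, digests = manifest[name]
    problems = []
    if len(data) != size:
        problems.append(f"{name}: size {len(data)} != {size}")
    checked = 0
    for algo, expected in digests.items():
        impl = HASH_ALGOS.get(algo)
        if impl is None:
            continue  # unknown algorithm: ignored, but at least one known one is required
        checked += 1
        if hashlib.new(impl, data).hexdigest() != expected:
            problems.append(f"{name}: {algo} mismatch")
    if checked == 0:
        problems.append(f"{name}: no supported hash to check")
    return problems


def make_dist_line(name: str, data: bytes) -> str:
    """Build a DIST line for data. This is what the maintainer's digest step does,
    and exactly what anyone who controls a mirror could do for a replaced file."""
    return " ".join([
        "DIST", name, str(len(data)),
        "BLAKE2B", hashlib.blake2b(data).hexdigest(),
        "SHA512", hashlib.sha512(data).hexdigest(),
    ])


# Constructed sample data; not a real distfile.
NAME = "foo-1.0.tar.gz"
GENUINE = b"genuine upstream tarball bytes (constructed sample)\n"
TROJANED = b"tampered tarball bytes served by a bad mirror (sample)\n"


def run_scenarios() -> Dict[str, bool]:
    """True means the distfile verifies against the Manifest used in that scenario."""
    # Manifest committed to the tree by the maintainer, hashed against the genuine file.
    repo_manifest = parse_manifest(make_dist_line(NAME, GENUINE))
    # Manifest regenerated on (or served from) the same host that serves the distfile.
    mirror_manifest = parse_manifest(make_dist_line(NAME, TROJANED))
    return {
        "genuine_vs_repo_manifest": verify_distfile(NAME, GENUINE, repo_manifest) == [],
        "trojaned_vs_repo_manifest": verify_distfile(NAME, TROJANED, repo_manifest) == [],
        "trojaned_vs_mirror_manifest": verify_distfile(NAME, TROJANED, mirror_manifest) == [],
    }


if __name__ == "__main__":
    for scenario, ok in run_scenarios().items():
        print(f"{scenario}: {'verified' if ok else 'REJECTED'}")
```

The second scenario is the one the hashes exist for: a Manifest that came with the tree rejects a distfile swapped on a mirror. The third is the failure mode of regenerating Manifests on the distfile host: one box that hands out both the file and the DIST line passes the check with the tampered file, which is why the DIST entries have to travel with the repository rather than be produced where the distfiles are served.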


