List Archive: gentoo-scm
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Thu, Feb 19, 2009 at 10:47:33AM +0100, Robert Buchholz wrote:
> > Your count of needing to attack two boxes presently is wrong. Just
> > pick some community rsyncNN.CC.gentoo.org that also hosts distfiles
> > via HTTP/FTP, and attack that box, replacing both a Manifest and the
> > distfile.
> The rsync attack can be avoided by using the signed tree tarballs.
> The DIST hash attack can't.
Err, unless I'm missing something, the signed-tree stuff (as tarballs or
MetaManifest per my GLEPs) does prevent the DIST hash issue as well.
For a signed tree (where the Manifests and full tree contents are
verifiable), I don't see how you would subvert a distfile and NOT have
it detected (short of defeating the hash functions).
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : firstname.lastname@example.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85