| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
Peter Simons wrote: |
| 9 |
| This problem has nothing to do with trusted or untrusted |
| 10 |
| code, it is about data integrity. Or, more accurately, about |
| 11 |
| _lack_ thereof. |
| 12 |
|
| 13 |
Security is always about trust. You have to trust someone or something. |
| 14 |
Data, keys, servers, admins, protocols, passwords, algorithms, something... |
| 15 |
|
| 16 |
|
| 17 |
| > (1) the server has not been compromised |
| 18 |
| |
| 19 |
| How do I very this? Is there a list of SHA1 hashes of all |
| 20 |
| files /usr/portage is supposed to contain? |
| 21 |
|
| 22 |
Where would you store that list? In a trusted server? Would you trust |
| 23 |
the server admin of that server? |
| 24 |
|
| 25 |
|
| 26 |
| > (3) the server operator is trustworthy |
| 27 |
| > (4) the person that originally created the software is trustworthy |
| 28 |
| > (5) the server operator's are sufficiently skilled to protect the |
| 29 |
software |
| 30 |
| > (6) the person that originally created the software is suffciently |
| 31 |
skilled |
| 32 |
| > to protect it |
| 33 |
| |
| 34 |
| None of these points are relevant for the problem we are |
| 35 |
| talking about. If Gentoo provides proper means of |
| 36 |
| authenticating the data I receive from the mirror, I don't |
| 37 |
| _need_ to trust the mirror's operator. |
| 38 |
|
| 39 |
You need to trust the operator of the authentication server... |
| 40 |
|
| 41 |
|
| 42 |
| > However, none of those issues is specific to Gentoo or |
| 43 |
| > Open Source as a whole. |
| 44 |
| |
| 45 |
| The fact that other projects have the same problem doesn't |
| 46 |
| mean that the problem shouldn't be fixed in Gentoo. |
| 47 |
|
| 48 |
Agreed! This issue is important. |
| 49 |
|
| 50 |
|
| 51 |
| > IMO the purely technical issues have been solved mostly. |
| 52 |
| > However, those are smallest and least important part. |
| 53 |
| |
| 54 |
| So how long will it (approximately) take until this problem |
| 55 |
| is fixed? |
| 56 |
|
| 57 |
Well... I guess until someone comes up with a solution! Not the problem! |
| 58 |
The problem is already known. Gentoo is based on the comunity. The |
| 59 |
comunity has to come up with solutions. Not wait for highly payd |
| 60 |
developers to solve everything like in some known corporations. At least |
| 61 |
~ this is how I see Gentoo. Maybe I'm wrong... |
| 62 |
|
| 63 |
|
| 64 |
Alex's ideia looks interesting: |
| 65 |
| Just a question : could it be a good idea to move md5 on another server |
| 66 |
| or to do 'emerge sync' asking for files on server A and digest files on |
| 67 |
| server B where server B is any server in gentoo rsync rollover but not |
| 68 |
| server A... |
| 69 |
| |
| 70 |
| Then, person have to compromise server A and server B to get his hack |
| 71 |
| working... |
| 72 |
| |
| 73 |
| Hope this help |
| 74 |
| |
| 75 |
| Cheers |
| 76 |
|
| 77 |
Redundancy could be a way to mitigate this problem. It wont solve it thou... |
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
- --- |
| 82 |
Rui Covelo |
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
-----BEGIN PGP SIGNATURE----- |
| 88 |
Version: GnuPG v1.2.6 (GNU/Linux) |
| 89 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 90 |
|
| 91 |
iD8DBQFBjkMQfLPhlaxNQk0RAvogAJ4o8042MBgvnqsp525orqXMfOn5/ACfR2Nb |
| 92 |
5VmAOoUrvQAIRqmvg5khvB0= |
| 93 |
=5aGG |
| 94 |
-----END PGP SIGNATURE----- |
| 95 |
|
| 96 |
-- |
| 97 |
gentoo-security@g.o mailing list |
Archives