| 1 |
On 04/30/04 John Davis wrote: |
| 2 |
|
| 3 |
> Portage enhancements are a tough one. I know that genone has emerge |
| 4 |
> security almost there and GPG manifest signing is somewhere in the |
| 5 |
> middle (need verification here). The problem in making these release |
| 6 |
> guidelines is the fact that they are totally dependent on 2 people's |
| 7 |
> time and work. Releng does not have control over whether or not these |
| 8 |
> can be completed, so putting them on the feature list usually ends up |
| 9 |
> being an exercise in futility. If some people are willing to help out |
| 10 |
> carpaski and genone, then I will add it to the list, but if they are |
| 11 |
> left implementing and testing these two rather substantial features |
| 12 |
> themselves, I am not adding them to the list. |
| 13 |
|
| 14 |
Ok, guess I should repeat that the most important thing for GPG signing |
| 15 |
(actually the missing part is verification) that's still missing is a |
| 16 |
key policy: where to store keys, how to check if they are trustworthy |
| 17 |
and so on. If we can agree on a simple and effective solution there it |
| 18 |
shouldn't be too difficult to implement this feature (talking about code |
| 19 |
here, not the tree). The last time we had a way too long thread with way |
| 20 |
too many details and discussions about problem scenarios, please let's |
| 21 |
try to avoid that. |
| 22 |
And to get everyone on track I'll start with a very simple proposal |
| 23 |
(idea stolen from Spanky IIRC), I won't say that it's really effective |
| 24 |
though: |
| 25 |
- keys are stored in a keyring and are installed by an ebuild |
| 26 |
- a key is trustworthy if it is in that keyring |
| 27 |
- expiration is handled by removing the key from that keyring |
| 28 |
- each modification to the keyring involves a version bump on the ebuild |
| 29 |
That's about the easiest for implementation and doesn't require anything |
| 30 |
new for our infrastructure or key-signing-sessions. It does not say who |
| 31 |
will manage that keyring though as that is not important for the |
| 32 |
implementation. I'm pretty sure that the idea has a number of flaws, but |
| 33 |
we have to start somewhere. |
| 34 |
|
| 35 |
Marius |
| 36 |
|
| 37 |
-- |
| 38 |
Public Key at http://www.genone.de/info/gpg-key.pub |
| 39 |
|
| 40 |
In the beginning, there was nothing. And God said, 'Let there be |
| 41 |
Light.' And there was still nothing, but you could see a bit better. |
Archives