1 |
Markos Chandras posted on Sun, 01 May 2011 23:49:06 +0100 as excerpted: |
2 |
|
3 |
> On Sun, May 01, 2011 at 03:33:25PM -0700, Brian Harring wrote: |
4 |
>> On Sun, May 01, 2011 at 10:08:31PM +0100, Markos Chandras wrote: |
5 |
>>> Since most ( if not all ) of us use the same message on the Changelog |
6 |
>>> and on the commit log, it probably worth the effort of having the |
7 |
>>> rsync servers create the Changelogs before populate the portage tree. |
8 |
|
9 |
>> This opens up a bit of nastyness; either the service would have to |
10 |
>> resign all manifests (which defeats a fair bit of the signing intent), |
11 |
>> or ChangeLog's would have to pulled in full from cvs, generated |
12 |
>> strictly server side (else manifest will have stale chksums for it), |
13 |
>> and ChangeLog will have to exist outside of all validation. |
14 |
|
15 |
> Thats a fair point but the way I see it we need to make a balanced |
16 |
> choice. Obviously is not feasible to have the rsync servers resign |
17 |
> everything. [But] having all the gpg keys on the rsync servers [...] |
18 |
> doesn't look that smart to me. |
19 |
|
20 |
> Leaving Changelogs unprotected might be a bit of a trouble but it |
21 |
> certainly is not that big a deal. Nothing serious can happen if someone |
22 |
> hijacks a plain text file. |
23 |
|
24 |
> In case people want to ensure end-to-end point integrity, we can use |
25 |
> a separate GPG key for the rsync server. However, this will make our GPG |
26 |
> keys useless, and having a single key to sing 10.000 Manifest files does |
27 |
> not look good either. |
28 |
|
29 |
What about having a dedicated server-based changlog-signing key? That's |
30 |
still a lot of signing with a single key, but as you observed, the hazards |
31 |
of a loss of integrity there aren't as high as with most of the tree |
32 |
content. It'd require changes, but I don't believe they're out of line |
33 |
with that required for the rest of the proposal. |
34 |
|
35 |
-- |
36 |
Duncan - List replies preferred. No HTML msgs. |
37 |
"Every nonfree program has a lord, a master -- |
38 |
and if you use the program, he is your master." Richard Stallman |