Fabian Groffen posted on Thu, 29 Sep 2011 17:09:57 +0200 as excerpted:

> On 29-09-2011 11:02:17 -0400, Anthony G. Basile wrote:
>> The issue of Manifest signing came up in #gentoo-hardened channel ...
>> again. It's clearly a security issue and yet many manifests in the tree
>> are still not signed. Is there any chance that we can agree to reject
>> unsigned manifests? Possibly a question for the Council to adjudicate?
>
> Please refer to Mike's thread on this.
>
> http://archives.gentoo.org/gentoo-dev/msg_7210bc8a18140db8f18ff89245efacd5.xml
|
Every time this comes up, it gets a bunch of discussion, perhaps a few
more people start signing (but with dev turnover, I really don't know if
it gets better over time), and eventually the issue goes back to sleep.

I have a feeling something similar was happening for kernel.org security
discussions. Let's not be them in this regard.

In that old thread, the only real issue other than "just doing it" that I
saw raised was that of the two-stage commit thing. AFAIK in theory, that
allows a rather nasty DoS attack, so it does need dealt with, tho a DoS
worst-case is already better than the current worst-case.

Beyond that, IMO it's now at the "needs a proposal champion to clean it
up and present it to the council" stage, at least at the "council
declared priority" level for getting the requirements into repoman, the
CVS server, and perhaps the PMs (I don't know what stage they're at,
possibly all they need is a switch flipped?).

Talking about which, at the PM user level, is there a per-repo/overlay
switch? If not, it should strongly be considered.

With a proposal champion and a council declared priority, hopefully
within the year, "the switch" would be ready to be flipped, and a second
council vote could be taken to flip it.

But, someone with the domain knowledge, both of GPG and of the PMs and
commit process, needs to step up as the proposal champion and guide it
thru. It seems to me we're "almost there", and this is what's needed
now, for that final push.

In my book, that champion would stand up there along with WilliamH for
being the guy that finally pushed OpenRC thru to stability (absolutely
not without the help of others, of course, but it took someone to step up
and actually be the champion that pushed it thru). That's not an
insignificant thing to be able to put on one's CV, BTW, that you were the
proposal champion that helped with the final push toward tree signing and
thus general tree security for a community distro like Gentoo. =:^)

Meanwhile, seems to me that Google, et al. could well have sufficient
interest in this, given Gentoo's status as upstream, to sponsor hardware,
etc, if needed.

And I'm sure the Gentoo/PR folks would a WHOLE lot rather deal with an
announcement that Gentoo's tree is now signed and that the PMs now reject
unsigned by default, BEFORE having to deal with an announcement along the
lines of kernel.org's recent ones, instead of AFTER. =:\

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman