Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: Manifest signing
Date: Thu, 29 Sep 2011 19:09:37
Message-Id: pan.2011.09.29.19.08.29@cox.net
In Reply to: Re: [gentoo-dev] Manifest signing by Fabian Groffen
Fabian Groffen posted on Thu, 29 Sep 2011 17:09:57 +0200 as excerpted:

> On 29-09-2011 11:02:17 -0400, Anthony G. Basile wrote:
>> The issue of Manifest signing came up in #gentoo-hardened channel ...
>> again. It's clearly a security issue and yet many manifests in the tree
>> are still not signed. Is there any chance that we can agree to reject
>> unsigned manifests? Possibly a question for the Council to adjudicate?
>
> Please refer to Mike's thread on this.
>
> http://archives.gentoo.org/gentoo-dev/msg_7210bc8a18140db8f18ff89245efacd5.xml

Every time this comes up, it gets a bunch of discussion, perhaps a few
more people start signing (but with dev turnover, I really don't know if
it gets better over time), and eventually the issue goes back to sleep.

I have a feeling something similar was happening for kernel.org security
discussions. Let's not be them in this regard.

In that old thread, the only real issue other than "just doing it" that I
saw raised was that of the two-stage commit thing. AFAIK in theory, that
allows a rather nasty DoS attack, so it does need dealt with, tho a DoS
worst-case is already better than the current worst-case.

Beyond that, IMO it's now at the "needs a proposal champion to clean it
up and present it to the council" stage, at least at the "council
declared priority" level for getting the requirements into repoman, the
CVS server, and perhaps the PMs (I don't know what stage they're at,
possibly all they need is a switch flipped?).

Talking about which, at the PM user level, is there a per-repo/overlay
switch? If not, it should strongly be considered.

With a proposal champion and a council declared priority, hopefully
within the year, "the switch" would be ready to be flipped, and a second
council vote could be taken to flip it.

But, someone with the domain knowledge, both of GPG and of the PMs and
commit process, needs to step up as the proposal champion and guide it
thru. It seems to me we're "almost there", and this is what's needed
now, for that final push.

In my book, that champion would stand up there along with WilliamH for
being the guy that finally pushed OpenRC thru to stability (absolutely
not without the help of others, of course, but it took someone to step up
and actually be the champion that pushed it thru). That's not an
insignificant thing to be able to put on one's CV, BTW, that you were the
proposal champion that helped with the final push toward tree signing and
thus general tree security for a community distro like Gentoo. =:^)

Meanwhile, seems to me that Google, et al. could well have sufficient
interest in this, given Gentoo's status as upstream, to sponsor hardware,
etc, if needed.

And I'm sure the Gentoo/PR folks would a WHOLE lot rather deal with an
announcement that Gentoo's tree is now signed and that the PMs now reject
unsigned by default, BEFORE having to deal with an announcement along the
lines of kernel.org's recent ones, instead of AFTER. =:\

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

Replies

Subject Author
Re: [gentoo-dev] Re: Manifest signing "Robin H. Johnson" <robbat2@g.o>