| 1 |
On Thursday 06 June 2002 01:56 pm, Alexander Holler wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> what do you think about signing the ebuilds and digests with gpg? |
| 5 |
> |
| 6 |
> That would make it harder for blackhats to introduce a worm or something |
| 7 |
> similiar (if they have got access to an rsync mirror). |
| 8 |
> |
| 9 |
> My idea is to automatically sign the released ebuilds (before mirroring |
| 10 |
> them) with a key of gentoo.org. |
| 11 |
> |
| 12 |
> Then emerge could check the sign and could discard wrong ebuilds or just |
| 13 |
> throws a warning (preferable customized with make.conf). |
| 14 |
|
| 15 |
I think it is an excellent idea, but then, that's easy for me to say since I'm |
| 16 |
not the one who would be burdened by the work of actually building a ring of |
| 17 |
trust and signing all the ebuilds. |
| 18 |
|
| 19 |
Having said that, it is clear that when new ebuilds are taken from bugzilla |
| 20 |
and put into the official CVS, the decision as to what goes in and what |
| 21 |
doesn't, and those who are allowed to commit to CVS, is a limited number of |
| 22 |
people. |
| 23 |
|
| 24 |
It should be reasonably manageable to create a ring of trust amongst those who |
| 25 |
submit and distribute ebuilds, and the security benefits would be |
| 26 |
significant. |
| 27 |
|
| 28 |
Unfortunately, as with most things, I suspect this will happen only AFTER |
| 29 |
someone slips a trojan through, as there is some amount of work in getting |
| 30 |
something like that setup and the developers have plenty of other things that |
| 31 |
are, for the moment anyway, more pressing. :-) |
| 32 |
|
| 33 |
Just like backups, almost no one develops the habit until they've been bitten |
| 34 |
at least once. [grin] |
Archives