Andrew Muraco posted <43C49047.5070302@×××××××××.com>, excerpted below,
on Tue, 10 Jan 2006 23:57:43 -0500:

> The method described here would also open up the opportunity for "fake"
> enterprise trees, without having something to double check that the tree
> that we have is indeed the one that is wanted, it would be possible for a
> hacked rsync server (or a bogus one) to host the enterprise (stable) trees
> with extra ebuilds which could compromise security (/me thinks of emails
> warning about Microsoft's patches and links which point to infectious
> websites.)

Remember, portage already has a decent amount of signed content
verification builtin, and is getting more. Just because it's not
currently used, as the debate on strength and keyring handling hasn't been
settled, doesn't mean the capacity doesn't exist.

At this point it should be possible to develop a working enterprise
security model along with the enterprise proposal and tree. Spec it out,
put the keys in a special dir on a read-only mounted partition, and it'll
be pretty hard to fake it on the fly, at least.

IOW, while it's certainly an issue that needs to be addressed, I'd
consider it no worse than anything else on the list, and probably
relatively minor compared to some of the other hurdles to be cleared on
the way to a decent enterprise Gentoo. I believe the biggest hurdles
will be finding the folks to do it and coordinating them to actually get
and keep it going.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html

--
gentoo-dev@g.o mailing list