Gentoo Archives: gentoo-dev

From: "Hanno Böck" <hanno@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Trustless Infrastructure
Date: Mon, 02 Jul 2018 17:47:42
Message-Id: 20180702194711.1b6f20e5@computer
In Reply to: [gentoo-dev] Trustless Infrastructure by "Jason A. Donenfeld"
Hi,

Something like this was, I believe, the original idea behind signed
manifests. Not sure how long ago this was, but we used to sign Manifest
files at some point, though it never was part of any consistent concept
as far as I know, and they weren't checked regularly.

Anything like this comes with some obvious problems that you need to
answer if you want to have such a system:
* How are you keeping the keys up to date? Which keys are included
there? All currently active developers? All active and former
developers?
* What happens if a key expires? Do you accept expired signatures if
the package has been committed before the expiration date? Or is
there some kind of resign process if that happens? Does the developer
have to do this himself or can other developers do this? If it's up
to the developer, what happens if he's inactive / on long holiday /
not reachable when his key expires?
* What happens if a key is revoked because a developer decides to
create a new key? Same question as with expired keys: Do all
signatures need to be recreated? How's that going to happen?
* What happens if a developer leaves Gentoo? We'll still want to have
his packages. Again a resign procedure?

I don't want to say this is unworkable. But these are challenges and
imho fixing them all is really, really tricky. Either you break stuff
regularly, or you have procedures that someone has to do regularly in
order to avoid breakage (more work for Gentoo devs), or you expand the
scope of accepted signatures very excessively.
And I believe these challenges are one of the reasons the old attempts
to have a signed Gentoo never went anywhere. I'm glad we have some form
of signed Gentoo now, even if it relies on some centralized
infrastructure.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@××××××.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
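
The trade-off Hanno describes (break regularly, re-sign regularly, or accept a much wider set of signatures) can be made concrete with a small policy model. The following is an added example, not code from the mail or from Gentoo's tooling; it models only key and signature metadata (who signed which Manifest, when, and whether the key has since expired or been revoked) and verifies no real OpenPGP signatures. All keys, developer nicks, dates and Manifest paths are constructed sample data, and the two policy names ("strict" and "grace") are names chosen here for illustration.

```python
"""Toy model of the Manifest-signing policy questions (added example).

No cryptography is performed; only the metadata that decides whether an
existing signature is still *accepted* is modelled.  Every key, developer
and Manifest entry below is constructed sample data, not real Gentoo data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Key:
    fpr: str                 # fingerprint (constructed placeholder, not a real key)
    owner: str               # developer nick
    created: date
    expires: Optional[date]  # None = key does not expire
    revoked_on: Optional[date] = None


@dataclass
class Signature:
    path: str                # e.g. "app-a/foo/Manifest"
    key_fpr: str
    signed_on: date          # signature creation time as claimed by the signer


# Two policies, named here for illustration:
#  "strict": only signatures by a key that is valid *today*, owned by a
#            currently active developer, are accepted.  Something breaks every
#            time a key expires, is revoked, or a developer leaves.
#  "grace":  a signature is accepted if the key was valid *when the signature
#            was made*, even if the key has since expired or been revoked or
#            the developer has retired.  Nothing breaks, but the set of
#            accepted signatures grows a lot.  Caveat: the signing timestamp
#            is set by the signer, so after a key compromise an attacker can
#            backdate signatures into the "valid" window; "grace" therefore
#            trusts exactly the thing a revocation says not to trust.
POLICIES = ("strict", "grace")


def evaluate(sig, keyring, active_devs, policy, today):
    """Return (accepted, reason) for one Manifest signature under `policy`."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    key = keyring.get(sig.key_fpr)
    if key is None:
        return False, "unknown key"
    if sig.signed_on < key.created:
        return False, "signed before key creation"
    valid_at_signing = (
        (key.expires is None or sig.signed_on < key.expires)
        and (key.revoked_on is None or sig.signed_on < key.revoked_on)
    )
    if not valid_at_signing:
        return False, "key not valid at signing time"
    if policy == "grace":
        return True, "ok (key valid when signed)"
    # strict: the key and its owner must still be good today
    if key.revoked_on is not None and key.revoked_on <= today:
        return False, "key revoked"
    if key.expires is not None and key.expires <= today:
        return False, "key expired"
    if key.owner not in active_devs:
        return False, "developer no longer active"
    return True, "ok"


def resign_queue(sigs, keyring, active_devs, today):
    """Manifests that pass under 'grace' but fail under 'strict': exactly the
    set somebody would have to re-sign today to avoid breakage under strict."""
    return [
        s.path
        for s in sigs
        if evaluate(s, keyring, active_devs, "grace", today)[0]
        and not evaluate(s, keyring, active_devs, "strict", today)[0]
    ]


# --- constructed sample data -------------------------------------------------
KEYRING = {
    "AAAA": Key("AAAA", "alice", date(2016, 1, 1), date(2018, 1, 1)),  # expired
    "BBBB": Key("BBBB", "bob", date(2016, 1, 1), None,
                revoked_on=date(2018, 3, 1)),                           # replaced key
    "CCCC": Key("CCCC", "carol", date(2017, 1, 1), date(2020, 1, 1)),  # carol retired
    "DDDD": Key("DDDD", "dave", date(2017, 1, 1), date(2020, 1, 1)),   # all good
}
ACTIVE_DEVS = {"alice", "bob", "dave"}
TODAY = date(2018, 7, 2)
SIGS = [
    Signature("app-a/foo/Manifest", "AAAA", date(2017, 6, 1)),   # signed before expiry
    Signature("app-b/bar/Manifest", "AAAA", date(2018, 2, 1)),   # signed after expiry
    Signature("app-c/baz/Manifest", "BBBB", date(2018, 1, 15)),  # key revoked later
    Signature("app-d/qux/Manifest", "CCCC", date(2018, 1, 15)),  # developer left
    Signature("app-e/quux/Manifest", "DDDD", date(2018, 5, 1)),  # nothing wrong
    Signature("app-f/x/Manifest", "EEEE", date(2018, 5, 1)),     # key not in keyring
]


def summary(policy, today=TODAY):
    """Map each sample Manifest path to its (accepted, reason) under `policy`."""
    return {s.path: evaluate(s, KEYRING, ACTIVE_DEVS, policy, today) for s in SIGS}


if __name__ == "__main__":
    for policy in POLICIES:
        print(f"== {policy}")
        for path, (ok, why) in summary(policy).items():
            print(f"  {'OK ' if ok else 'BAD'} {path}: {why}")
    print("re-sign needed for strict:", resign_queue(SIGS, KEYRING, ACTIVE_DEVS, TODAY))
```

Running it shows the shape of the problem: under "strict" three of the six sample Manifests are rejected today for reasons that have nothing to do with the commit itself (expired key, revoked key, retired developer), while "grace" accepts them at the price of trusting the signer-chosen timestamp. Swapping a key's expiry or the `ACTIVE_DEVS` set and re-running `resign_queue` is a quick way to see how much re-signing work a given policy generates.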

Replies

Subject Author
Re: [gentoo-dev] Trustless Infrastructure "Jason A. Donenfeld" <zx2c4@g.o>
Re: [gentoo-dev] Trustless Infrastructure Kristian Fiskerstrand <k_f@g.o>