On Sun, Sep 07, 2003 at 09:43:47PM +0000, Jan Krueger wrote:
> On Sunday 07 September 2003 19:20, Martin Schlemmer wrote:
> > So how are any of these going to help if you do not trust us or any
> > other developers/upstream_authors, encryption, etc, etc. I mean,
> > this *IS* what this whole issue is about, no ?
> No. I trust you. But trusting you doesn't mean that the ebuild you checked in
> to the tree arrives at my hard drive unmodified. There is no way for you as a
> human being to guarantee this to me. Instead it should be expected that the
> ebuild gets modified (by faulty software/hardware/network/whatever or by a
> malicious attacker). So this must be taken care of.
>
> With Manifest and digest portage very much points in the right direction, but
> this is not enough, from my point of view.
>
|
Why is it not enough? Of course, Manifests by themselves can be modified
- that's why they need to be GPG signed.
|
The vulnerability at that point is compromised keys, which is why we
would have an uberkey so we can revoke developer keys as soon as
possible. It's not foolproof, but it's a whole lot better.
|
There is no such thing as perfect security short of shutting down your
computer.
|
--
Jon Portnoy
avenj/irc.freenode.net
|
--
gentoo-dev@g.o mailing list