On 08/14/2015 04:54 PM, Rich Freeman wrote:
> On Fri, Aug 14, 2015 at 8:45 AM, Kristian Fiskerstrand
> <k_f@g.o> wrote:
>>
>>>
>>> 2. The question is why manifests are modified for rsync. In
>>> git manifests are thin (only distfiles are there), in rsync
>>> they also contain checksums for ebuilds and files dir content.
>>> Do we really need this? These manifests are not signed now, so
>>> of little use.
>>
>> They will be OpenPGP signed by a releng key during thickening
>> and portage will auto-verify it using gkeys once things are in
>> place. As such checksum for ebuilds and other files certainly
>> needs to be part of the manifest, otherwise it can open up for
>> malicious alterations of these files.
>>
>
> As much as I'd love to see it all folded into git, the reality is
> also that git signatures are only bound to files by a series of
> sha1 hashes, and sha1 is not a strong hash function. Git really
> ought to move to sha256 at some point, preferably in a manner that
> makes it expandable in the future to other hash functions. But,
> this isn't a high-priority for upstream.

I'm not really too worried about second preimage attacks on sha1 at
the present time, so can understand that priority.

>
> The same limitation is true of any git gpg signature, including
> tag signatures. It is all held together by sha1. The manifest
> system is much stronger.
>

Well, it is only as good as the input it gets, so if the git
infrastructure (if sha1 truly turns out to be an issue, presuming that
it is verified at point of staging) or the staging area for rsync
mirror is compromised (since the Manifests are signed when thickened,
a compromise here can override everything else) it will replicate to
users, so these points need to be properly protected.

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3