| 1 |
Hi, |
| 2 |
|
| 3 |
--On Donnerstag, Juni 06, 2002 16:41:03 -0400 Frank Tobin |
| 4 |
<ftobin@×××××××××××.org> wrote: |
| 5 |
|
| 6 |
> On Thu, 6 Jun 2002, Alexander Holler wrote: |
| 7 |
> |
| 8 |
>> what do you think about signing the ebuilds and digests with gpg? |
| 9 |
> |
| 10 |
> Since there are multiple ebuild-providers (in contrast to a single one, |
| 11 |
> ala official RedHat RPMs), you would need to develop a PKI. Once you say |
| 12 |
|
| 13 |
I didn't want to know that the ebuild builder is the correct one, I just |
| 14 |
want that the main server (gentoo.org) signs the ebuilds with his key. So |
| 15 |
only one key is needed. |
| 16 |
|
| 17 |
> PKI, things get complicated quickly, and I do no think that the complexity |
| 18 |
> required satisfies a current need. Simple digests as they are currently |
| 19 |
> done is much better, IMO. |
| 20 |
|
| 21 |
If I want to fake a packet on one of the mirrors I just have to build a new |
| 22 |
packet (e.g. with a trojan), change the uri in the ebuild and build new |
| 23 |
digests (which anyone could do). |
| 24 |
|
| 25 |
In the other case, the blackhat has to get the key from the main-server to |
| 26 |
change packets. |
| 27 |
Or he needs to build and checkin a new packet, which I think would be |
| 28 |
discovered relatively quick (in contrast to a silent take over of on of the |
| 29 |
mirrors). |
Archives