| 1 |
> Is it really that simple? And to fix it is so easy.. just keep a list of |
| 2 |
> people allowed to modify each directory. Developers sign, users check. |
| 3 |
|
| 4 |
We have a list of people allowed to modify each directory: every dev! |
| 5 |
That's by design, it is quite deliberate, and the reasons are both trust |
| 6 |
and efficiency. That trust is one of the key things that makes working |
| 7 |
on Gentoo so much fun, and anything that would destroy that trust is not |
| 8 |
something that will be considered lightly. |
| 9 |
|
| 10 |
My (admittedly very naive) view about this thread is that most people |
| 11 |
are unlikely to cause damage if it would be easy to trace the damage |
| 12 |
back to the individual, so our devs are not likely to be the main source |
| 13 |
of compromise. Thus, using gpg to remove a remote compromise threat |
| 14 |
does seem quite reasonable to me. |
| 15 |
|
| 16 |
All that said, this topic makes my brain hurt rather badly, so I'm |
| 17 |
leaving the details up to the security team who eat and breathe this stuff. |
| 18 |
|
| 19 |
-g2boojum- |
Archives