On Sun, 30 Oct 2016 15:36:16 -0700
Zac Medico <zmedico@g.o> wrote:

> I'm merging in Michał's reply from the related "[gentoo-portage-dev]
> [PATCH] [sync] Increase the default git sync-depth to 10" thread.
>
> On 10/30/2016 02:58 PM, Zac Medico wrote:
> > On 10/30/2016 01:44 PM, Michał Górny wrote:
> >> Hi, everyone.
> >>
> >> Just a quick note: I've prepared a simple tool [1] to verify clones of
> >> gentoo-mirror repositories. It's still early WiP but can be easily used
> >> to verify a clone:
> >>
> >> $ ./verify-repo gentoo
> >> [/var/db/repos/gentoo]
> >> Untrusted signature on 42ccdf48d718287e981c00f25caea2242262906a
> >> (you may need to import/trust developer keys)
> >> Note: unsigned changes in metadata and/or caches found (it's fine)
> >
> > I don't think it's acceptable to use an unsigned metadata/cache commit.
> > Can't we use an infrastructure key for this?
>
> On 10/30/2016 03:03 PM, Michał Górny wrote:
> > I've even written a blog post [1] about that. Long story short,
> > trusting some random key used by automated process running on remote
> > server with no real security is insane. I've made a script that
> > verifies underlying repo commit instead, and diffs for metadata
> > changes.
> >
> >
> [1]:https://blogs.gentoo.org/mgorny/2016/04/15/why-automated-gentoo-mirror-commits-are-not-signed-and-how-to-verify-them-2/
>
> An automated signature may not have the same degree of trust as a
> manually generated signature, but that does not make it completely
> worthless (is https worthless too?).

I disagree. We don't have any good way of expressing this degree of
trust. Therefore, the user will commonly presume both are of the same
degree of trust.

--
Best regards,
Michał Górny
<http://dev.gentoo.org/~mgorny/>