| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Wednesday 24 March 2004 00:36, Jesse Nelson wrote: |
| 5 |
> so a dev key would be revoked by a sync on a file containing a list |
| 6 |
> of dev keys ? what if i compromise a rsync server adn a developers |
| 7 |
> box. This isnt that far fetched a scenario. I get acess to a dev key |
| 8 |
> and i stop a server from updateing the signed key sigs file. |
| 9 |
|
| 10 |
That's why the signing key needs to be shortlived. Basically if the |
| 11 |
signing key is valid for 1 day, the list of dev keys becomes invalid |
| 12 |
after a day. That would halt the rsync part of the problem. Of course it |
| 13 |
would still be a compromise and we would need to check all files signed |
| 14 |
by the key, but it would be needed anyway as it is unlikely we can stop |
| 15 |
the intrusion at the moment it happens. |
| 16 |
|
| 17 |
> this also doesnt begin to solve the rogue developer problem (tho thats |
| 18 |
> not the goal on this i guess) |
| 19 |
|
| 20 |
There is no way to stop this before that person is identified in any |
| 21 |
case. After this person is identified his keys will be revoked and all |
| 22 |
the packages signed by him/her are invalid. They will need to be |
| 23 |
resigned by someone else to be valid again. |
| 24 |
|
| 25 |
> imho every package needs 2 pairs of eyes b4 gettin released. (2 dev |
| 26 |
> sigs + sign key) but theres procedural and time constraints that will |
| 27 |
> probly prevent that from ever happening. |
| 28 |
|
| 29 |
That is a QA issue, but would not change the basic infrastructure. I |
| 30 |
think we should first discuss single signatures and then only discuss |
| 31 |
multiple signatures. |
| 32 |
|
| 33 |
Paul |
| 34 |
|
| 35 |
- -- |
| 36 |
Paul de Vrieze |
| 37 |
Gentoo Developer |
| 38 |
Mail: pauldv@g.o |
| 39 |
Homepage: http://www.devrieze.net |
| 40 |
-----BEGIN PGP SIGNATURE----- |
| 41 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 42 |
|
| 43 |
iD8DBQFAYWS9bKx5DBjWFdsRAr7cAKDdO71+8LiHg9KR2E1pZp7QyqAVvQCgrOXY |
| 44 |
EPRjTlCzStpL5DNQCKh8T8U= |
| 45 |
=INcS |
| 46 |
-----END PGP SIGNATURE----- |
| 47 |
|
| 48 |
-- |
| 49 |
gentoo-dev@g.o mailing list |
Archives