Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Thu, 19 Feb 2009 22:00:45
Message-Id: 20090219213344.GC20371@curie-int.orbis-terrarum.net
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by Robert Buchholz
1 On Thu, Feb 19, 2009 at 10:47:33AM +0100, Robert Buchholz wrote:
2 > > Your count of needing to attack two boxes presently is wrong. Just
3 > > pick some community rsyncNN.CC.gentoo.org that also hosts distfiles
4 > > via HTTP/FTP, and attack that box, replacing both a Manifest and the
5 > > distfile.
6 > The rsync attack can be avoided by using the signed tree tarballs.
7 > The DIST hash attack can't.
8 Err, unless I'm missing something, the signed-tree stuff (as tarballs or
9 MetaManifest per my GLEPs) does prevent the DIST hash issue as well.
10 For a signed tree (where the Manifests and full tree contents are
11 verifiable), I don't see how you would subvert a distfile and NOT have
12 it detected (short of defeating the hash functions).
13
14 --
15 Robin Hugh Johnson
16 Gentoo Linux Developer & Infra Guy
17 E-Mail : robbat2@g.o
18 GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

Replies

Subject Author
Re: [gentoo-scm] gentoo-x86 on git - Manifests Robert Buchholz <rbu@g.o>