On Thursday 11 November 2004 19:49, Chris Frey wrote:
> In another post, you asked whether we expect the devs to drop everything to
> implement the checking in emerge sync. I certainly don't expect that.
> Once the signatures are available from the server, any user can use them
> and write their own code to do the checks. The signature is all we need.

Unfortunately this is not true. There are a number of requirements for the
solution that is finally implemented. Most of the problems are
organizational, not technical:
- There must be a way to ensure that all files in the tree are signed / no dev
commits unsigned manifests anymore
- There must be a way to get the list of valid dev keys.
- The lifetime of the validness of the dev key list must be short to allow for
added devs and compromised keys.
- The key(s) used to sign the key list must be secure in some way and trusted

Besides this the key list must be assembled and maintained. At some point also
manifests must be resigned because their keys are invalidated. Those
manifests must be automatically identified.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@g.o
Homepage: http://www.devrieze.net
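The requirements Paul lists (every file covered by a signed Manifest, a trusted and short-lived dev key list, and automatic identification of Manifests that must be resigned) as an added example that is not from this thread or from Portage: a small Python model of the policy a sync-side checker would apply. Key fingerprints, the key-list signing key, the sample tree and the dates are all constructed, and real signature verification is stood in for by fingerprint membership in the key list.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed placeholder: the fingerprint trusted to sign the dev key list.
TRUSTED_LIST_SIGNERS = frozenset({"KEYLIST-SIGNING-KEY"})

@dataclass(frozen=True)
class KeyList:
    keys: frozenset          # fingerprints of currently accepted dev keys
    issued: date
    max_age: timedelta       # short lifetime, so added/compromised keys take effect quickly
    signed_by: str           # fingerprint of the key that signed this list

@dataclass(frozen=True)
class Manifest:
    package: str             # constructed category/package name
    files: frozenset         # files this Manifest covers
    signer: Optional[str]    # dev key fingerprint, or None if committed unsigned

def key_list_usable(kl: KeyList, today: date) -> bool:
    """The list only counts if a trusted key signed it and it has not aged out."""
    return kl.signed_by in TRUSTED_LIST_SIGNERS and today <= kl.issued + kl.max_age

def audit_tree(tree_files: set, manifests: list, kl: KeyList, today: date) -> dict:
    """Apply the policy from the post and report what a sync client should reject."""
    covered = set().union(*(m.files for m in manifests))
    return {
        "stale_key_list": not key_list_usable(kl, today),
        "unsigned": sorted(m.package for m in manifests if m.signer is None),
        # signed, but with a key no longer in the list: must be resigned by a current dev
        "needs_resign": sorted(m.package for m in manifests
                               if m.signer is not None and m.signer not in kl.keys),
        "uncovered": sorted(tree_files - covered),
    }

# Constructed sample: DEV-C has been dropped from the key list, rsync was committed unsigned,
# and one eclass sits in the tree without any Manifest covering it.
SAMPLE_KEYS = KeyList(keys=frozenset({"DEV-A", "DEV-B"}), issued=date(2004, 11, 1),
                      max_age=timedelta(days=14), signed_by="KEYLIST-SIGNING-KEY")
SAMPLE_MANIFESTS = [
    Manifest("app-editors/vim", frozenset({"app-editors/vim/vim-1.0.ebuild"}), "DEV-A"),
    Manifest("sys-apps/portage", frozenset({"sys-apps/portage/portage-1.0.ebuild"}), "DEV-C"),
    Manifest("net-misc/rsync", frozenset({"net-misc/rsync/rsync-1.0.ebuild"}), None),
]
SAMPLE_TREE = set().union(*(m.files for m in SAMPLE_MANIFESTS)) | {"eclass/eutils.eclass"}

def sample_report(today: date = date(2004, 11, 11)) -> dict:
    return audit_tree(SAMPLE_TREE, SAMPLE_MANIFESTS, SAMPLE_KEYS, today)

if __name__ == "__main__":
    print(sample_report())
```

Running it past the key list's lifetime (for example `sample_report(date(2004, 12, 1))`) flags the list as stale, which is the signal that forces a client to fetch a fresh one before trusting any dev signature.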