1 |
On Monday 08 November 2004 17:14, Thierry Carrez wrote: |
2 |
> Last, your simple solution means work for the infrastructure team (to |
3 |
> change the rsync replication process, provide for CPU time to perform |
4 |
> the digest etc... And the portage team (testing and releasing extra |
5 |
> functionality controlled by a FEATURE most people won't activate |
6 |
> because it slows down the emerge sync process). Rephrasing your |
7 |
> proposal as : |
8 |
> |
9 |
> (1) infrastructure scripts to generate signed digest |
10 |
> (2) portage patches including the FEATURE of glocal verification |
11 |
> (3) hard data showing the performance hit server-side and client-side |
12 |
> |
13 |
> would certainly help us. It's not your job to do an implementation |
14 |
> proposal ? That's the "Gentoo team" job ? Man, get real. Gentoo is a |
15 |
> community distribution. The "Gentoo team" cannot do everything, it |
16 |
> needs user support. And yes, even posting a small script helps. |
17 |
|
18 |
You're even forgetting number (4), a single master key is extremely |
19 |
sensitive to compromise. The biggest risk (that of the master sync server |
20 |
being compromised) is not being addressed, and your proposal does not |
21 |
handle the reliable revocation of such a key. And don't forget that the |
22 |
master key must be passphraseless as signing needs to happen very often. |
23 |
|
24 |
Paul |
25 |
|
26 |
-- |
27 |
Paul de Vrieze |
28 |
Gentoo Developer |
29 |
Mail: pauldv@g.o |
30 |
Homepage: http://www.devrieze.net |