On Wed, 2004-11-10 at 13:55 +0100, Klaus Wagner wrote:
> On Wed, Nov 10, 2004 at 12:54:44PM +0000, Antoine Martin wrote:
> > I think we all admit it may take some time, but we are talking about the
> > quick and dirty solution as a stop-gap measure, nothing else.
> > And if the better solution takes more than 1.5 years to roll out, backup
> > plans are just common sense - not criticism.
> >
> >
> > It is just a cron job and a script, how would that double the amount of
> > work in the future?!?
>
> I really don't see how this is greatly improving security.
> A cronjob that is AUTOMATICALLY signing everything it gets
> wouldn't make me happy.
>
> Security is not only signing and cryptography.
> When it comes to signing, I have to trust every point
> in the process, and I don't trust cronjobs and "in memory"
> passphrases, or even worse unprotected private keys.
20 |
Sure, I agree with you. This is would not solve *all* problems. |
21 |
|
22 |
But it would solve the problem that this thread started on, which is to |
23 |
trust all the hops between your box and the gentoo servers. Which is a |
24 |
greater risk than a compromised gentoo server. |
25 |
|
26 |
|
27 |
-- |
28 |
gentoo-security@g.o mailing list |