| 1 |
On Wed, 2004-11-10 at 13:55 +0100, Klaus Wagner wrote: |
| 2 |
> On Wed, Nov 10, 2004 at 12:54:44PM +0000, Antoine Martin wrote: |
| 3 |
> > I think we all admit it may take some time, but we are talking about the |
| 4 |
> > quick and dirty solution as a stop-gap measure, nothing else. |
| 5 |
> > And if the better solution takes more than 1.5years to roll out, backup |
| 6 |
> > plans are just common sense - not criticism. |
| 7 |
> > |
| 8 |
> > |
| 9 |
> > I is just a cron job and a script, how would that double the amount of |
| 10 |
> > work in the future?!? |
| 11 |
> |
| 12 |
> I really don't see how this is greatly improving security. |
| 13 |
> A cronjob, that is AUTOMATICALLY signing everything it get's |
| 14 |
> wouldn't make me happy. |
| 15 |
> |
| 16 |
> Security, is not only signation and cryptography. |
| 17 |
> When it comes to signation, I have to trust every point |
| 18 |
> in the process, and I don't trust cronjobs and "in memory" |
| 19 |
> passphrases, or even worse unprotected private keys. |
| 20 |
Sure, I agree with you. This is would not solve *all* problems. |
| 21 |
|
| 22 |
But it would solve the problem that this thread started on, which is to |
| 23 |
trust all the hops between your box and the gentoo servers. Which is a |
| 24 |
greater risk than a compromised gentoo server. |
| 25 |
|
| 26 |
|
| 27 |
-- |
| 28 |
gentoo-security@g.o mailing list |
Archives