| 1 |
On Wednesday 10 November 2004 13:35, Chris Frey wrote: |
| 2 |
> On Tue, Nov 09, 2004 at 09:05:41PM -0500, Denis Roy wrote: |
| 3 |
> > > not prompted the beginning of a new initiative in signing the tree |
| 4 |
> > |
| 5 |
> > because that was already underway. I very much doubt that it'll speed |
| 6 |
> > up the progress made on that initiative, because the main limiting |
| 7 |
> > factor is time. No matter what is said here, it's not going to make |
| 8 |
> > anybody go out and quit their jobs in order to get tree signing |
| 9 |
> > implemented quicker. |
| 10 |
> |
| 11 |
> The problem with phrasing it this way is that it implies there is only |
| 12 |
> one way to address this issue. It may be true that Gentoo has decided |
| 13 |
> on only one way to address the issue, but there are other ways to do it. |
| 14 |
|
| 15 |
A large part of the 1.5 years was spent discussing the best solution - threads |
| 16 |
not unsimilar to this one. Even to the end, there were still people bringing |
| 17 |
up the point that signing doesn't protect against wayward developers. Even |
| 18 |
so, after reveiwing all the points a decision was reached because most agreed |
| 19 |
that something needed to be done. |
| 20 |
|
| 21 |
> The current development effort that is underway is not one that can be |
| 22 |
> implemented overnight, but there is a solution that manages to satisfy |
| 23 |
> the core needs of this thread that can be implemented overnight. |
| 24 |
|
| 25 |
I would advise everybody to read through aforementioned discussions in the |
| 26 |
archives of gentoo-dev@g.o before persuing this. Something that |
| 27 |
appears so simple as this on the surface still has a number of sharp edges. |
| 28 |
The infrastructure team would have to do some careful planning and possibly |
| 29 |
restructing of job control on the master rsync and cvs servers. The portage |
| 30 |
team would need to implement support for verifying the signature is valid. |
| 31 |
Whoever else would have to plan and implement distribution of this |
| 32 |
all-powerful key. |
| 33 |
|
| 34 |
But it doesn't stop there. Following this would be plan of action for the case |
| 35 |
that the all-powerful key is compromised. Then there is also the up to six |
| 36 |
month transition period between this solution and the solution that is |
| 37 |
currently being implemented. That also requires careful planning and |
| 38 |
implementation. So.. adding this simple solution now actually more than |
| 39 |
doubles the amount of work that needs to be done down the track. |
| 40 |
|
| 41 |
Regards, |
| 42 |
Jason Stubbs |
| 43 |
|
| 44 |
-- |
| 45 |
gentoo-security@g.o mailing list |
Archives