Chris Haumesser wrote:

> No, they /need/ not, and should not. I would be _thrilled_ to just
> get a signature with my tree, that I can manually verify by firing up
> gpg. No portage support is necessary for this interim solution. We
> all know something better is in the works for portage.
Mhmm, in that case you will not be able to use portage to get the
portage tree (at least it would not be reasonable) because emerge executes
some code from the tree during emerge sync as somebody wrote here two
days ago. If you do not verify the signature + hashes before that, it is
completely senseless to do it at all.
And as Marius mentioned you need a solution for checking 100000 hashes
(not just the gpg signature of the file containing the hashes). Somebody
has to write that, even if you don't patch portage.

> While there is surely some work in the area of job control, it has
> been pointed out already that the proposed solution is not terribly
> resource intensive. So unless Gentoo's infrastructure is already
> severely stretched to the max (is it? how do I know?), I can't see
> how this is a huge obstacle. Is there an admin who can weigh in with
> an informed answer on this? Too much speculation on this point, not
> enough fact.
I am not a developer and I am basically repeating what people already
mentioned during the last 2 days.
You have to create the hashes and the signature every time somebody
commits something to the tree and you have to take care that nobody syncs
during that time. So, a simple cronjob (as suggested several times) is
not sufficient. As far as I perceived, some patch to repoman (?) would
be necessary. Certainly those hashes have to be created incrementally to
reduce load and calculation time which also adds some complexity.

> Key management/security/policy is an issue that will need to be
> addressed regardless of the mechanics of any signing process, so I
> don't see how that is a blocker to this proposal. The idea of a
> master key is equally applicable (and optional) to both the proposal
> on this list, and the one currently under development.
But the PKI and public key policy for Gentoo have not been developed yet
(AFAIK). And that is crucial for even a quick solution as a signature
without defined key policy (and management) is really not worth much.

Of course, all these issues can be solved, but not by the way...

My 2 Eurocents...
Dominik

--
gentoo-security@g.o mailing list
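
Added example, not part of the original thread or of portage: a sketch of the bulk hash check described in the message above, meant to run over a freshly fetched tree before anything in it is executed. It assumes a sha256sum-style manifest ("<hex digest>  <relative path>") whose GPG signature has already been verified; the manifest format, function names and sample file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path, PurePosixPath

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_manifest(text):
    """Parse '<sha256 hex>  <relative path>' lines (assumed manifest format)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        rel = PurePosixPath(path.strip())
        # A signed entry must never point outside the tree being checked.
        if rel.is_absolute() or ".." in rel.parts:
            raise ValueError("unsafe path in manifest: %r" % path)
        entries[rel.as_posix()] = digest.lower()
    return entries

def verify_tree(root, manifest_text):
    """Compare every file under root with the (already signature-checked) manifest."""
    expected = parse_manifest(manifest_text)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in Path(root).rglob("*") if p.is_file()}
    return {
        "missing": sorted(expected.keys() - on_disk.keys()),
        # Unlisted files matter: unsigned code in the tree could still be executed.
        "unlisted": sorted(on_disk.keys() - expected.keys()),
        "modified": sorted(r for r in expected.keys() & on_disk.keys()
                           if sha256_file(on_disk[r]) != expected[r]),
    }

def demo():
    """Constructed sample: manifest built at signing time, tree altered afterwards."""
    signed = {"app-misc/example/example-1.0.ebuild": b"good\n",
              "eclass/example.eclass": b"ok\n", "profiles/example.txt": b"x\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in signed.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(data)
        manifest = "".join("%s  %s\n" % (hashlib.sha256(d).hexdigest(), r)
                           for r, d in signed.items())
        (Path(root) / "eclass/example.eclass").write_bytes(b"changed\n")
        (Path(root) / "eclass/injected.eclass").write_bytes(b"new\n")
        (Path(root) / "profiles/example.txt").unlink()
        return verify_tree(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A tree is acceptable only when all three lists come back empty; the check reads files but never executes them.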