| 1 |
Chris Haumesser wrote: |
| 2 |
|
| 3 |
> No, they /need/ not, and should not. I would be _thrilled_ to just |
| 4 |
> get a signature with my tree, that I can manually verify by firing up |
| 5 |
> gpg. No portage support is necessary for this interim solution. We |
| 6 |
> all know something better is in the works for portage. |
| 7 |
Mhmm, in that case you will not be able to use portage to get the |
| 8 |
portage tree (at least it would not reasonable) because emerge executes |
| 9 |
some code from the tree during emerge sync as somebody wrote here two |
| 10 |
days ago. If you do not verify the signature + hashes before that, it is |
| 11 |
completely senseless to do it all. |
| 12 |
And as Marius mentioned you need a solution for checking 100000 hashes |
| 13 |
(not just the gpg signature of the file containing the hashes). Somebody |
| 14 |
has to write that, even if you don't patch portage. |
| 15 |
|
| 16 |
> While there is surely some work in the area of job control, it has |
| 17 |
> been pointed out already that the proposed solution is not terribly |
| 18 |
> resource intensive. So unless gentoo's infrastructure is already |
| 19 |
> severely stretched to the max (is it? how do i know?), I can't see |
| 20 |
> how this is a huge obstacle. Is there an admin who can weigh in with |
| 21 |
> an informed answer on this? Too much speculation on this point, not |
| 22 |
> enough fact. |
| 23 |
I am not a developer and I am basically repeating what people already |
| 24 |
mentioned during the last 2 days. |
| 25 |
You have to create the hashes and the signature everytime somebody |
| 26 |
commits something to tree and you have to take care, that nobody syncs |
| 27 |
during that time. So, a simple cronjob (as suggested several times) is |
| 28 |
not sufficient. As far as I perceived, some patch to repoman (?) would |
| 29 |
be necessary. Certainly those hashes have to be created incrementally to |
| 30 |
reduce load and calculation time which also adds some complexicity. |
| 31 |
|
| 32 |
> Key management/security/policy is an issue that will need to be |
| 33 |
> addressed regardless of the mechanics of any signing process, so I |
| 34 |
> don't see how that is a blocker to this proposal. The idea of a |
| 35 |
> master key is equally applicable (and optional) to both the proposal |
| 36 |
> on this list, and the one currently under development. |
| 37 |
But the PKI and public key policy for Gentoo have not been developed yet |
| 38 |
(AFAIK). And that is crucial for even a quick solution as a signature |
| 39 |
without defined key policy (and management) is really not worth much. |
| 40 |
|
| 41 |
Of course, all these issues can be solved, but not by the way... |
| 42 |
|
| 43 |
My 2 Eurocents... |
| 44 |
Dominik |
| 45 |
|
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-security@g.o mailing list |
Archives