public inbox for gentoo-dev@lists.gentoo.org
From: Tavis Ormandy <taviso@gentoo.org>
To: Paul de Vrieze <pauldv@gentoo.org>
Cc: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Finger GLEP
Date: Mon, 11 Aug 2003 12:09:18 +0000
Message-ID: <20030811120918.GC29154@sdf.lonestar.org>
In-Reply-To: <19913.134.188.150.80.1060590280.squirrel@callisto.cs.kun.nl>

On Mon, Aug 11, 2003 at 10:24:40AM +0200, Paul de Vrieze wrote:
> 
> There are advantages and disadvantages. For pgp keys I personally believe
> that this is not the way to go. In case a dev box gets rooted it is very
> easy for a hacker to update a .gpgkey file, but if we would have an
> authenticated and automated process changing the key in the ldap database
> (through an easy to use script) that would increase security a lot while
> still getting all the data at one place.

That's no more secure than the finger solution, once a developer's box is
rooted, all bets are off. At this point the hacker can already trojan
gpg/ssh/whatever and harvest all the passphrases and key pairs he wants,
rendering the gpg key useless.

> As such I believe that if we want to provide a finger service it
> will need to be ldap aware and pull most information from ldap, and/or
> other sources. For example for projects the current plan is to create
> project.xml files containing information about the project. Including who
> is part of the project.

Maybe, but I'm a fan of the simplicity of finger. The name and location
are the standard information from the passwd file, and three plain text
files the dev can configure as they see fit.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------

--
gentoo-dev@gentoo.org mailing list

