From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Date: Thu, 3 Apr 2008 13:23:26 +0100
Message-ID: <20080403132326.19595c4b@snowcone>
In-Reply-To: <47F4CAEF.2080106@gentoo.org>
On Thu, 03 Apr 2008 13:17:51 +0100
Mike Auty <ikelos@gentoo.org> wrote:
> Ciaran McCreesh wrote:
> | Signing offers no protection against a malicious developer.
>
> I had envisaged a system whereby when the tree was synced, so was some
> kind of master signed list of all acceptable dev-keys. Every package
> would also be signed, and would only be installed when signed. As
> soon as a dev becomes a liability their key is removed from the
> list/revoked. On next sync any packages or package upgrades signed
> after the time of revocation would not be installed. There would be
> a window of vulnerability, but no bigger than with revoking a dev's
> access to the tree. Do you think this would offer suitable
> protection for users from a malicious dev or not?
Nope. In fact, using such a system, there are ways of getting in code
that doesn't get triggered until someone's key gets invalidated.
And if you are worrying about malicious developers, you need to worry
about malicious infra people too. An infra member throwing his toys out
of the pram can do much more lasting damage than someone who can get
some global scope nastiness into an ebuild for an hour or two...
--
Ciaran McCreesh
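The policy Mike Auty sketches above (a signed master list of developer keys shipped with each sync, packages installed only when their signature checks out against a key that was not revoked before the signing time) can be written down as a small model. This is an added example, not code from this thread, from Portage or from Gentoo infra: the key ids, secrets and timestamps are constructed, an HMAC secret stands in for each developer's PGP key so the script runs offline, and the signing time is taken from the package's own signature metadata, which is an assumption about how the proposal would be implemented. The scenario shows exactly the "window of vulnerability" he describes: a package signed by a key before that key was revoked is still accepted, while anything signed after the revocation time, with an unknown key, or with tampered contents is refused.

```python
"""Model of a sync-time key list with per-package signatures and timed revocation.

Constructed example; not Portage code. Each developer key is stood in for by
an HMAC secret (real packages would carry asymmetric PGP signatures).
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class DevKey:
    key_id: str
    secret: bytes                      # stand-in for the developer's private key
    revoked_at: Optional[int] = None   # epoch seconds at which the master list revoked it


@dataclass
class SignedPackage:
    name: str
    content: bytes
    signer: str        # key_id recorded in the signature
    signed_at: int     # signing time recorded in the signature (epoch seconds)
    mac: bytes = b""   # the "signature" over name, signed_at and content


def _canonical(pkg: SignedPackage) -> bytes:
    """Bytes that the signature covers; name and time are bound to the content."""
    return b"\0".join([pkg.name.encode(), str(pkg.signed_at).encode(), pkg.content])


def sign_package(pkg: SignedPackage, key: DevKey) -> SignedPackage:
    pkg.mac = hmac.new(key.secret, _canonical(pkg), hashlib.sha256).digest()
    return pkg


def install_policy(pkg: SignedPackage, keylist: Dict[str, DevKey]) -> Tuple[bool, str]:
    """Decide whether a synced package may be installed under the proposed scheme."""
    key = keylist.get(pkg.signer)
    if key is None:
        return False, "unknown key"
    expected = hmac.new(key.secret, _canonical(pkg), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkg.mac):
        return False, "bad signature"
    # Only signatures made after the revocation time are refused; earlier ones
    # remain valid, which is the window of vulnerability the proposal accepts.
    if key.revoked_at is not None and pkg.signed_at >= key.revoked_at:
        return False, "signed after revocation"
    return True, "ok"


def run_scenario() -> Dict[str, Tuple[bool, str]]:
    """Walk through one revocation and report the policy decision for each case."""
    keylist = {
        "devA": DevKey("devA", b"constructed-secret-A"),
        "devB": DevKey("devB", b"constructed-secret-B"),
    }
    t_revoke = 1_207_000_000  # constructed revocation time

    # devA signs two packages, one an hour before and one a minute after t_revoke.
    early = sign_package(SignedPackage("app-misc/foo-1.0", b"ebuild v1", "devA", t_revoke - 3600),
                         keylist["devA"])
    late = sign_package(SignedPackage("app-misc/foo-1.1", b"ebuild v2", "devA", t_revoke + 60),
                        keylist["devA"])

    # Next sync: the master list now carries devA's revocation.
    keylist["devA"].revoked_at = t_revoke

    results = {
        "early_by_revoked_key": install_policy(early, keylist),
        "late_by_revoked_key": install_policy(late, keylist),
    }

    # A package whose content was altered after signing fails verification.
    tampered = sign_package(SignedPackage("app-misc/bar-1.0", b"clean", "devB", t_revoke),
                            keylist["devB"])
    tampered.content = b"modified"
    results["tampered_content"] = install_policy(tampered, keylist)

    # A signer that is not on the master list at all is refused.
    stranger = SignedPackage("app-misc/baz-1.0", b"x", "devZ", t_revoke, b"\0" * 32)
    results["unknown_key"] = install_policy(stranger, keylist)
    return results


if __name__ == "__main__":
    for case, (allowed, reason) in run_scenario().items():
        print(f"{case:24s} install={allowed!s:5s} ({reason})")
```

Running it prints one line per case; the `early_by_revoked_key` line is the one to look at, since it is accepted even though the key is now revoked, which is the bounded window the proposal trades for not having to re-sign the whole tree on every revocation.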