From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Date: Thu, 3 Apr 2008 13:23:26 +0100
Message-ID: <20080403132326.19595c4b@snowcone>
In-Reply-To: <47F4CAEF.2080106@gentoo.org>

On Thu, 03 Apr 2008 13:17:51 +0100
Mike Auty wrote:
> Ciaran McCreesh wrote:
> | Signing offers no protection against a malicious developer.
>
> I had envisaged a system whereby when the tree was synced, as was some
> kind of master signed list of all acceptable dev-keys. Every package
> would also be signed, and would only be installed when signed. As
> soon as a dev becomes a liability their key is removed from the
> list/revoked. On next sync any packages or package upgrades signed
> after the time of revocation would not be installed. There would be
> a window of vulnerability, but no bigger than with revoking a dev's
> access to the tree. Do you think this would offer suitable
> protection for users from a malicious dev or not?

Nope. In fact, using such a system, there are ways of getting in code
that doesn't get triggered until someone's key gets invalidated.

And if you are worrying about malicious developers, you need to worry
about malicious infra people too. An infra member throwing his toys out
of the pram can do much more lasting damage than someone who can get
some global scope nastiness into an ebuild for an hour or two...

-- 
Ciaran McCreesh
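An added example, not part of the thread or of any Gentoo tooling: a minimal model of the install policy proposed in the quoted text (master key list, per-package signer, revocation time). HMAC-SHA256 stands in for the public-key signature on the list, all key ids, package names and times are constructed, and keeping a revoked key on the list together with its revocation time is an assumption about how the proposal would be recorded.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in: HMAC-SHA256 replaces the real public-key signature on
# the master list so the example runs with the standard library only.
MASTER_KEY = b"constructed-master-key"

def sign_keylist(keylist: dict) -> str:
    blob = json.dumps(keylist, sort_keys=True).encode()
    return hmac.new(MASTER_KEY, blob, hashlib.sha256).hexdigest()

@dataclass
class Package:
    name: str
    signer: Optional[str]  # key id whose signature verified, None if unsigned
    signed_at: int         # signing time as recorded in the signature

def decide(pkg: Package, keylist: dict, list_sig: str) -> str:
    """Return 'install' or 'reject: <reason>' under the proposed policy."""
    if not hmac.compare_digest(sign_keylist(keylist), list_sig):
        return "reject: master key list not authentic"
    if pkg.signer is None:
        return "reject: unsigned"
    if pkg.signer not in keylist:
        return "reject: signer not on master list"
    revoked_at = keylist[pkg.signer]  # None while the key is in good standing
    if revoked_at is not None and pkg.signed_at >= revoked_at:
        return "reject: signed after revocation"
    return "install"

# Constructed sample data: key id -> revocation time (None = not revoked).
KEYLIST = {"dev-a": None, "dev-b": 1000}
KEYLIST_SIG = sign_keylist(KEYLIST)
TREE = [
    Package("app/one", "dev-a", 1200),
    Package("app/two", "dev-b", 900),     # signed while dev-b was still trusted
    Package("app/three", "dev-b", 1100),  # signed after dev-b's revocation
    Package("app/four", "dev-x", 500),    # signer never on the list
    Package("app/five", None, 0),         # unsigned
]

def sync_report() -> dict:
    return {p.name: decide(p, KEYLIST, KEYLIST_SIG) for p in TREE}
```

In the sample tree, app/two is still installed after dev-b's revocation because it was signed earlier: the check establishes who signed and when, not what the package does. Every decision also depends on whoever holds the key that authenticates the master list.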