From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Date: Thu, 3 Apr 2008 13:33:50 +0100 [thread overview]
Message-ID: <20080403133350.113f5696@snowcone> (raw)
In-Reply-To: <47F4CD96.3070409@dev.gentooexperimental.org>
[-- Attachment #1: Type: text/plain, Size: 2044 bytes --]
On Thu, 03 Apr 2008 14:29:10 +0200
Patrick Lauer <bugs@dev.gentooexperimental.org> wrote:
> > Nope. In fact, using such a system, there are ways of getting in
> > code that doesn't get triggered until someone's key gets
> > invalidated.
> By this reasoning you shouldn't use passwords ...
>
> The idea is to limit the attack vectors and make simple attacks much
> harder. A sophisticated "hacker" could just rent a busload of angry
> serbians, kidnap 12 developers and force them to do some subtle
> changes in many places. But is that likely to happen?
No no. The point is, there's no effective technological way of
preventing malicious developers from using the tree to screw over end
users. Signing isn't designed to and can't prevent that class of
attack (and nor can it protect against compromised end user systems).
What it *can* do is reduce the amount of damage done by a compromised
rsync server.
> > And if you are worrying about malicious developers, you need to
> > worry about malicious infra people too. An infra member throwing
> > his toys out of the pram can do much more lasting damage than
> > someone who can get some global scope nastiness into an ebuild for
> > an hour or two...
>
> That has nothing to do with the discussion ... and I don't see how
> infra could manipulate the signatures in a useful way apart from
> adding keys or removing some from the official keyring ...
> This they could do at the moment by manipulating the cvs to rsync
> copy process, but I'm not aware of something like that happening. So
> you might want to have a marginal trust in people and not accuse them
> of things they might do in the future ...
That's exactly the thing under discussion -- the design of the system
necessitates trust in both the main repository and the end user system,
and signing does absolutely nothing to help there. No-one is suggesting
that anyone from infra is going to do anything to utterly screw over
Gentoo for petty personal reasons.
--
Ciaran McCreesh
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2008-04-03 12:34 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-01 5:30 [gentoo-dev] Monthly Gentoo Council Reminder for April Mike Frysinger
2008-04-02 20:46 ` Petteri Räty
2008-04-02 20:53 ` Wulf C. Krueger
2008-04-02 21:16 ` joshua jackson
2008-04-02 21:28 ` Petteri Räty
2008-04-02 21:19 ` Mike Auty
2008-04-02 21:26 ` Petteri Räty
2008-04-02 21:33 ` Richard Brown
2008-04-02 21:36 ` Jan Kundrát
2008-04-03 1:21 ` Richard Freeman
2008-04-03 6:42 ` Fabian Groffen
2008-04-03 11:06 ` Petteri Räty
2008-04-02 21:42 ` Mike Auty
2008-04-02 22:41 ` Petteri Räty
2008-04-03 1:56 ` Jorge Manuel B. S. Vicetto
2008-04-03 6:41 ` [gentoo-dev] " Christian Faulhammer
2008-04-03 11:05 ` [gentoo-dev] " Petteri Räty
2008-04-03 11:35 ` Jorge Manuel B. S. Vicetto
2008-04-03 11:39 ` Ciaran McCreesh
2008-04-03 11:49 ` Petteri Räty
2008-04-03 11:56 ` Mike Auty
2008-04-03 12:01 ` Ciaran McCreesh
2008-04-03 12:17 ` Mike Auty
2008-04-03 12:23 ` Ciaran McCreesh
2008-04-03 12:29 ` Patrick Lauer
2008-04-03 12:33 ` Ciaran McCreesh [this message]
2008-04-03 12:44 ` Patrick Lauer
2008-04-03 12:46 ` Ciaran McCreesh
2008-04-03 12:55 ` Patrick Lauer
2008-04-03 12:56 ` Ciaran McCreesh
2008-04-04 6:38 ` Bo Ørsted Andresen
2008-04-03 12:34 ` Patrick Lauer
2008-04-03 11:49 ` Arfrever Frehtes Taifersar Arahesis
2008-04-03 19:03 ` Chris Gianelloni
2008-04-03 13:53 ` Thomas Anderson
2008-04-03 16:58 ` Donnie Berkholz
2008-04-03 14:02 ` Wulf C. Krueger
2008-04-03 14:25 ` [gentoo-dev] " Christian Faulhammer
2008-04-03 0:35 ` [gentoo-dev] " William L. Thomson Jr.
2008-04-03 12:21 ` Mike Auty
2008-04-03 13:21 ` Richard Freeman
2008-04-03 19:08 ` Chris Gianelloni
2008-04-03 14:27 ` [gentoo-dev] " Christian Faulhammer
2008-04-03 14:35 ` [gentoo-dev] " Chrissy Fullam
2008-04-03 15:56 ` Petteri Räty
2008-04-03 16:16 ` Chrissy Fullam
2008-04-04 8:26 ` Peter Volkov
2008-04-07 20:37 ` Petteri Räty
2008-04-07 21:05 ` Mike Pagano
2008-04-08 0:10 ` Petteri Räty
2008-04-08 0:57 ` Robin H. Johnson
2008-04-07 21:27 ` Jan Kundrát
2008-04-08 17:30 ` Roy Bamford
2008-04-08 20:00 ` Robin H. Johnson
2008-04-10 18:52 ` Raúl Porcel
2008-04-03 7:24 ` Ciaran McCreesh
2008-04-03 13:36 ` [gentoo-dev] " Tiziano Müller
-- strict thread matches above, loose matches on Subject: below --
2009-04-01 5:30 [gentoo-dev] " Mike Frysinger
2009-04-01 11:28 ` David Leverton
2009-04-01 12:24 ` Ulrich Mueller
2009-04-02 9:53 ` Fabian Groffen
2009-04-02 14:47 ` Ciaran McCreesh
2009-04-06 17:24 ` Fabian Groffen
2009-04-06 17:33 ` Ciaran McCreesh
2007-04-01 5:30 Mike Frysinger
[not found] ` <200704040151.56797.vapier@gentoo.org>
2007-04-04 6:08 ` Mike Doty
2007-04-04 7:45 ` Donnie Berkholz
2007-04-05 16:33 ` Mike Doty
2007-04-04 8:18 ` Bryan Østergaard
2007-04-04 9:24 ` Wernfried Haas
2007-04-04 9:55 ` Mike Frysinger
2007-04-04 12:03 ` Wernfried Haas
2007-04-04 16:27 ` Mike Frysinger
2007-04-05 12:11 ` Wernfried Haas
2007-04-05 8:28 ` Ciaran McCreesh
2007-04-04 19:36 ` Alexandre Buisse
2007-04-04 19:49 ` Donnie Berkholz
2007-04-04 20:17 ` Grant Goodyear
2007-04-04 20:54 ` Matti Bickel
2007-04-04 23:28 ` Alexandre Buisse
2007-04-05 11:29 ` Denis Dupeyron
2007-04-05 12:19 ` Seemant Kulleen
2007-04-05 13:07 ` Chris Gianelloni
2007-04-10 15:17 ` Paul de Vrieze
2007-04-05 12:39 ` Chris Gianelloni
2007-04-05 21:33 ` Denis Dupeyron
2007-04-05 8:26 ` Ciaran McCreesh
2007-04-05 12:09 ` Wernfried Haas
2007-04-05 12:29 ` Christopher Sawtell
2007-04-05 13:51 ` Ciaran McCreesh
2007-04-05 14:07 ` Matti Bickel
2007-04-05 14:47 ` Chris Gianelloni
2007-04-05 15:00 ` Ciaran McCreesh
2007-04-05 15:22 ` Chris Gianelloni
2007-04-05 16:04 ` Josh Saddler
2007-04-05 16:24 ` Chris Gianelloni
2007-04-05 17:00 ` Ciaran McCreesh
2007-04-05 16:57 ` Ciaran McCreesh
2007-04-05 20:15 ` Danny van Dyk
2007-04-05 20:31 ` Chris Gianelloni
2007-04-05 20:14 ` Mike Frysinger
2007-04-05 19:20 ` Mike Frysinger
2007-04-05 20:22 ` William L. Thomson Jr.
2007-04-05 20:42 ` Danny van Dyk
2007-04-05 20:47 ` Mike Frysinger
2007-04-05 21:18 ` Ned Ludd
2007-04-05 21:43 ` Petteri Räty
2007-04-05 21:46 ` Wernfried Haas
2007-04-05 22:32 ` Mike Frysinger
2006-04-01 9:22 Mike Frysinger
2006-04-11 4:02 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080403133350.113f5696@snowcone \
--to=ciaran.mccreesh@googlemail.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox