From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Q31GD-0005fs-NG for garchives@archives.gentoo.org; Fri, 25 Mar 2011 07:16:41 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8F5131C041; Fri, 25 Mar 2011 07:16:28 +0000 (UTC) Received: from smtprelay04.ispgateway.de (smtprelay04.ispgateway.de [80.67.31.31]) by pigeon.gentoo.org (Postfix) with ESMTP id 095E21C034 for ; Fri, 25 Mar 2011 07:15:50 +0000 (UTC) Received: from [93.210.40.189] (helo=bullet.local) by smtprelay04.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from ) id 1Q31FN-00058D-Ld for gentoo-dev@lists.gentoo.org; Fri, 25 Mar 2011 08:15:49 +0100 Received: from localhost (unknown [127.0.0.1]) by bullet.local (Postfix) with ESMTP id E7EB9D3F for ; Fri, 25 Mar 2011 07:15:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at bullet.veller.net Received: from bullet.local ([127.0.0.1]) by localhost (bullet.veller.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id XAjzUnlHMngY for ; Fri, 25 Mar 2011 08:15:32 +0100 (CET) Received: by bullet.local (Postfix, from userid 1000) id 8D0D916F8; Fri, 25 Mar 2011 08:15:32 +0100 (CET) Date: Fri, 25 Mar 2011 08:15:32 +0100 From: Torsten Veller To: gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] Re: rejecting unsigned commits Message-ID: <20110325074824.TAf2c206.tv@veller.net> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <20110325005026.55598579@epia.jer-c2.orkz.net> <20110325000931.GA21942@lemongrass.antoszka.pl> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Face: ===_______=8)_=8)_______A_very_very_nice_face_______=8)_=8)_______=== Jabber-ID: tove@jabber.ccc.de X-PGP-Fingerprint: 0416 3C11 8D79 65B9 AAD0 2065 BBC7 14D1 9C67 CD96 User-Agent: Mutt/1.5.21 (2010-09-15) X-Df-Sender: 1067115 X-Archives-Salt: X-Archives-Hash: 958e829d54afc4e5f91f9c16ab48da1c * Mike Frysinger : > On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote: [Manifest signing] > > Does that get us any closer to GLEPs 57, 58, 59 (or generally > > approaching the tree-signing/verifying group of problems)? > > yes I think, it's a "no". The MetaManifest GLEP relies on a signed top-level "MetaManifest" which hashes all sub Manifests, whether they are signed or not doesn't matter. I don't see a major advantage to signed portage snapshots we already offer today. Do you want to reject signed commits if - keys are not publicly available [1] - signatures are from expired keys [2] - keys are revoked [3] - keys are not listed in userinfo.xml (current or former devs) [4] [1] https://bugs.gentoo.org/205405 [2] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/signatures_by_expired_keys.txt [3] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/signatures_by_revoked_keys.txt [4] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/keys_in_use.txt