From: "Andreas K. Huettel" <dilfridge@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Date: Sat, 26 Mar 2011 10:12:10 +0100
Message-ID: <201103261012.17119.dilfridge@gentoo.org>
In-Reply-To: <AANLkTikZoAi5E=WHLhPWPBt+KJfQ3=8+JZEBuxo+gumB@mail.gmail.com>

> first off, fix your e-mail client. this long line crap is ridiculous.

:) ever heard of flowed text? absolutely no need to get aggressive...

> second, anyone can add/remove e-mail addresses. we aren't verifying
> e-mail addresses, we're verifying keys.

Unfortunately you are misunderstanding the GnuPG trust model here. As a third
party you are not signing someone's key, but someone's userid associated with
that key.

> the *only* thing that matters
> is that the key we have on file (0xabcd) is the one that was used to
> sign.

That's a policy decision. Basically there are several ways to go about
implementing our own trust model.

1) Rely on an existing list of keys somewhere distributed in portage, and
automatically trust all keys in that list.

VERY BAD, because if someone manipulates the portage tree he/she can
manipulate that list as well. I'm pretty confident however you actually meant
option 2) or 3):

2) Rely on an existing keyring somewhere distributed in portage; the file (not
the keys themselves) is signed with a master key.

Is a very clumsy workaround.

Pros: you can exactly decide what keys are used and trusted, without thinking
about GnuPG's inner workings.

Cons: People tend to modify their keys. Add user ids. Add new subkeys. Expire
or revoke subkeys. Revoke userids. (My photo in the key is pretty old by now.
:o) Whenever any of this happens, the key file changes, needs to be
re-signed by infra and re-uploaded.

3) Rely on an existing key list somewhere distributed in portage; the list
file with the key IDs (not the keys themselves) is signed with a master key.

Is a mediocre and potentially insecure workaround.

Pros: you can exactly decide what keys are used and trusted, without thinking
about GnuPG's inner workings. A user can edit his key and the key remains
trusted.

Cons: Mainly that the key id is a pretty short hash afaik. (Any better-informed
people around?)

4) Rely on an existing list of keys somewhere distributed in portage and
possibly somewhere else (keyservers); a key userid is signed with a master
key. Work with GnuPG's well-tested and well-thought-out trust relationships.

Back to start, time to re-read the entire thread... :)

Am I missing something?

--
Andreas K. Huettel
Gentoo Linux developer
dilfridge@gentoo.org
http://www.akhuettel.de/
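
The key-ID concern raised under option 3, as an added example (not part of the original message and not Gentoo or portage code): for OpenPGP v4 keys the key ID is only the low-order bits of the fingerprint, so a signed list can pin full fingerprints instead and still survive user ID or subkey edits. The packet body, the lookalike fingerprint and all function names are constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, 12.2): SHA-1 over 0x99, a 2-octet
    length and the primary public-key packet body. User IDs, subkeys and
    signatures are not hashed, so editing those leaves it unchanged."""
    header = b"\x99" + struct.pack(">H", len(pubkey_packet_body))
    return hashlib.sha1(header + pubkey_packet_body).hexdigest().upper()

def key_id(fingerprint: str, bits: int = 64) -> str:
    """Key ID: low-order 64 bits of the v4 fingerprint (32 for the short form)."""
    return fingerprint[-(bits // 4):]

def normalize(entry: str) -> str:
    """Accept '0xABCD...', spaced or lower-case entries from a list file."""
    s = entry.replace(" ", "").upper()
    return s[2:] if s.startswith("0X") else s

def signer_allowed(signer_fpr: str, pinned, min_bits: int = 160) -> bool:
    """True if the signing key matches a pinned entry of at least min_bits.
    Entries shorter than min_bits are ignored rather than suffix-matched."""
    signer = normalize(signer_fpr)
    for entry in map(normalize, pinned):
        if len(entry) * 4 >= min_bits and signer.endswith(entry):
            return True
    return False

# Constructed packet body (version 4, creation time, algorithm 1, filler
# bytes); it is not a real key, only input for the fingerprint calculation.
DEV_KEY_BODY = b"\x04" + struct.pack(">I", 1301130730) + b"\x01" + bytes(range(32))
DEV_FPR = v4_fingerprint(DEV_KEY_BODY)
# Constructed fingerprint of a different key sharing DEV_FPR's low 32 bits.
LOOKALIKE_FPR = "0" * 32 + key_id(DEV_FPR, 32)

if __name__ == "__main__":
    id_list = ["0x" + key_id(DEV_FPR, 32)]   # option 3 with short key IDs
    fpr_list = [DEV_FPR]                     # same list, full fingerprints
    for name, fpr in (("developer", DEV_FPR), ("lookalike", LOOKALIKE_FPR)):
        print(name,
              "short-ID list:", signer_allowed(fpr, id_list, min_bits=32),
              "fingerprint list:", signer_allowed(fpr, fpr_list))
```
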