From: Andrew Gaffney
Date: Fri, 21 Nov 2003 23:24:37 -0600
To: Gentoo Dev
Subject: Re: [gentoo-dev] GPG Signed packages
Message-ID: <3FBEF315.5090306@technaut.darktalker.net>
References: <1069466950.8702.4.camel@veritas> <1069475935.32645.87.camel@lisa.thedoh.com>
In-Reply-To: <1069475935.32645.87.camel@lisa.thedoh.com>

Lisa Seelye wrote:
> On Fri, 2003-11-21 at 21:09, Yi Qiang wrote:
>
>>I think this has been brought up many times before, but as most of us
>>know, many of the Debian servers have been compromised recently. This
>>has reinstated fear into many people about how "trustful" our distfile
>>repositories really are. If indeed one is compromised it would be too
>>easy for someone to slip a backdoor into a package, especially since I
>>and a lot of other Gentoo users simply ignore md5 checksums. If a
>>digest fails we simply ebuild foo.ebuild digest it again. I think an
>>option should be made that would allow failing packages if gpg fails. (I
>>think Red Hat does something like this) This of course is not a
>>foolproof way, but a big improvement over what is currently done to ensure
>>package integrity.
>
>
> If the key server/signature is compromised you have gained nothing over
> the way we have it now. Adding it is just another way for something to
> go wrong.
>
> As for users doing ebuild foo.ebuild digest blindly - that's a good way
> to put your box at serious risk.

I agree that the current system is good the way it is. If someone is dumb
enough to ignore a failing MD5 on anything other than MPlayer fonts, and I'm
sure most of us have done 'ebuild digest mplayer-x.xx.ebuild' at one point or
another (I have), another check isn't going to keep them from opening up
their box, anyway.

--
Andrew Gaffney

--
gentoo-dev@gentoo.org mailing list