From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JhOcN-0005h8-Vb for garchives@archives.gentoo.org; Thu, 03 Apr 2008 12:32:36 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0DAFAE0AB2; Thu, 3 Apr 2008 12:32:34 +0000 (UTC) Received: from mailhub-lb1.unibe.ch (mailhub-lb1.unibe.ch [130.92.0.82]) by pigeon.gentoo.org (Postfix) with ESMTP id B6CF4E0AB2 for ; Thu, 3 Apr 2008 12:32:33 +0000 (UTC) Received: from localhost (scanhub-lb2.unibe.ch [130.92.5.66]) by mailhub-lb1.unibe.ch (Postfix) with ESMTP id 1B54611C11F for ; Thu, 3 Apr 2008 14:32:33 +0200 (CEST) X-Virus-checked: by University of Bern Received: from mailhub-lb1.unibe.ch ([130.92.0.82]) by localhost (scanhub-lb2.unibe.ch [130.92.5.66]) (amavisd-new, port 10024) with LMTP id nT5JIKZuSLtI for ; Thu, 3 Apr 2008 14:32:31 +0200 (CEST) Received: from asterix.unibe.ch (asterix.unibe.ch [130.92.64.4]) by mailhub-lb1.unibe.ch (Postfix) with ESMTP id C0D0611C11B for ; Thu, 3 Apr 2008 14:32:31 +0200 (CEST) Received: from [130.92.65.87] (cubert [130.92.65.87]) by asterix.unibe.ch (8.13.6+Sun/8.13.6) with ESMTP id m33CWVTd021521 for ; Thu, 3 Apr 2008 14:32:31 +0200 (MEST) Message-ID: <47F4CEC1.7010107@dev.gentooexperimental.org> Date: Thu, 03 Apr 2008 14:34:09 +0200 From: Patrick Lauer User-Agent: Thunderbird 2.0.0.12 (X11/20080304) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Monthly Gentoo Council Reminder for April References: <20080401092610.EEF7467349@smtp.gentoo.org> <47F3F098.1050508@gentoo.org> <47F3F860.6080200@gentoo.org> <47F3FA1C.7010407@gentoo.org> <47F4395A.3000509@gentoo.org> <47F4B9FC.2010907@gentoo.org> <47F4C0F8.7040906@gentoo.org> <20080403123921.3fc33a77@snowcone> <47F4C456.6080704@gentoo.org> <47F4C60B.8080605@gentoo.org> <20080403130151.12507f1a@snowcone> <47F4CAEF.2080106@gentoo.org> In-Reply-To: <47F4CAEF.2080106@gentoo.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: d7ebfee9-be60-44d6-a788-f0fe56b927e2 X-Archives-Hash: 878f07ba48d16b9dcac61211787e959a Mike Auty wrote: > Ciaran McCreesh wrote: > | > | Signing offers no protection against a malicious developer. > | > > I had envisaged a system whereby when the tree was synced, as was some > kind of master signed list of all acceptable dev-keys. Every package > would also be signed, and would only be installed when signed. As soon > as a dev becomes a liability their key is removed from the list/revoked. > ~ On next sync any packages or package upgrades signed after the time of > revocation would not be installed. There would be a window of > vulnerability, but no bigger than with revoking a dev's access to the > tree. Do you think this would offer suitable protection for users from > a malicious dev or not? There has been some previous work which has never been finalized, for all interested parties: http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/ Getting this cleaned up and ready for discussion would be quite valuable. > > I understand there are difficulties with eclasses, etc, which is why the > current implementation is still not widely used or mandated, but I'm > more interested in the feasibility of the idea. It can be done if people can agree to a policy and allow the programmatic and infrastructural changes to happen. Have fun, Patrick -- gentoo-dev@lists.gentoo.org mailing list