In-Reply-To: <AANLkTikrHbFGvgDwh-r4YqGiBEX7sKOSh0VRwb_zx3jJ@mail.gmail.com>
References: <AANLkTi=4o69ytUxAVpy-O31AWQv-5p4bEWD2466NWYGx@mail.gmail.com>
 <AANLkTikHtND=ttd8afj2yBW3pbkqVcfhwnMXiHsFPvBV@mail.gmail.com>
 <20110325074824.TAf2c206.tv@veller.net> <201103250953.19757.dilfridge@gentoo.org>
 <AANLkTimQDA7FPxuRtBrp5wYiC3MvcJDnbf-yS-B3KOMO@mail.gmail.com>
 <4D8CE590.8060905@gentoo.org> <AANLkTikcOiK4+DD+9DG8s=HzjXvvO7td5=RBU8fP9uDX@mail.gmail.com>
 <AANLkTikrHbFGvgDwh-r4YqGiBEX7sKOSh0VRwb_zx3jJ@mail.gmail.com>
From: Mike Frysinger <vapier@gentoo.org>
Date: Fri, 25 Mar 2011 23:02:15 -0400
Message-ID: <AANLkTi=M6BfUP4yFspKgVTv8axY-g_FP63HQVwCUgo4r@mail.gmail.com>
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
To: gentoo-dev@lists.gentoo.org

On Fri, Mar 25, 2011 at 10:38 PM, Alec Warner wrote:
> Coming back around to the earlier discussion of Alice who has her key
> signed by robbat2 (because he loves keysigning parties) and then Alice
> breaks into cvs.gentoo.org and commits evil code into the tree. If we
> cannot stop this attack because we are relying on a chain of trust
> (and Alice is in the chain) can we at least detect the attack?

Verifying identity isn't the same as listing who we trust. This is the
point Robin is making when he says he wants to list all trusted keys
in LDAP. From there, we could create a file signed by an infra "tree
key" and keep only the trusted keys in it.
-mike
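A model of the check Mike sketches, added here as an example and not code from Gentoo infra: identity certification (a developer signing Alice's key) is kept separate from the allowlist (a trusted-keys file signed by an infra tree key), and the commit hook consults only the latter. It assumes Ed25519 keys from the `cryptography` package in place of OpenPGP, and constructed keys named after the thread's participants.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def raw(pub):
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def fpr(pub):
    return raw(pub).hex()  # stand-in for an OpenPGP key fingerprint

def identity_verified(subject_pub, cert, known_dev_pubs):
    # Web of trust: True if some known developer's key made this certification
    # of subject_pub (what a keysigning party establishes). Not a trust decision.
    for dev_pub in known_dev_pubs:
        try:
            dev_pub.verify(cert, raw(subject_pub))
            return True
        except InvalidSignature:
            pass
    return False

def sign_trust_list(tree_priv, trusted_fprs):
    # Infra publishes the allowlist of committer keys as a file signed by the tree key.
    body = "\n".join(sorted(trusted_fprs)).encode()
    return body, tree_priv.sign(body)

def commit_allowed(tree_pub, body, sig, commit_key_pub):
    # Commit hook: the list must verify under the tree key, and the committer's
    # key must be in it. Identity certifications play no role here.
    try:
        tree_pub.verify(sig, body)
    except InvalidSignature:
        return False  # tampered or re-signed by someone else: trust nothing in it
    return fpr(commit_key_pub) in set(body.decode().split("\n"))

def demo():
    # Constructed keys: infra tree key, robbat2 (developer), bob (listed), alice (certified only).
    tree, robbat2, bob, alice = (ed25519.Ed25519PrivateKey.generate() for _ in range(4))
    tree_pub, devs = tree.public_key(), [robbat2.public_key()]
    body, sig = sign_trust_list(tree, [fpr(bob.public_key())])
    alice_cert = robbat2.sign(raw(alice.public_key()))  # robbat2 signed Alice's key
    # Alice appends herself to the list but cannot re-sign it with the tree key.
    forged = body + b"\n" + fpr(alice.public_key()).encode()
    return {
        "alice_identity_verified": identity_verified(alice.public_key(), alice_cert, devs),
        "alice_commit_allowed": commit_allowed(tree_pub, body, sig, alice.public_key()),
        "bob_commit_allowed": commit_allowed(tree_pub, body, sig, bob.public_key()),
        "forged_list_allows_alice": commit_allowed(tree_pub, forged, sig, alice.public_key()),
    }
```

Alice's key passes the identity check yet her commit is refused, which is the distinction the reply draws; the forged-list case shows why the allowlist itself must carry the tree key's signature.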