From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DMARC_NONE, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI autolearn=unavailable autolearn_force=no version=4.0.0 Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by chiba.3jane.net (Postfix) with ESMTP id B1866AC4F4 for ; Fri, 2 Aug 2002 07:30:50 -0500 (CDT) Received: from root by main.gmane.org with local (Exim 3.33 #1 (Debian)) id 17abZD-0002Um-00 for ; Fri, 02 Aug 2002 14:30:03 +0200 To: gentoo-dev@lists.gentoo.org X-Injected-Via-Gmane: http://gmane.org/ Received: from news by main.gmane.org with local (Exim 3.33 #1 (Debian)) id 17abNe-00023k-00 for ; Fri, 02 Aug 2002 14:18:06 +0200 Path: not-for-mail From: "A.Waschbuesch" Newsgroups: gmane.linux.gentoo.devel Date: Fri, 02 Aug 2002 14:18:41 +0200 Organization: GAUniversity Goettingen Message-ID: References: <20020801103714.A26100@capsi.com> <200208011539.05025.rkaper@ism.nl> <200208020936.40432.you@hanez.org> NNTP-Posting-Host: p50800a9b.dip.t-dialin.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Trace: main.gmane.org 1028290685 7919 80.128.10.155 (2 Aug 2002 12:18:05 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Fri, 2 Aug 2002 12:18:05 +0000 (UTC) Subject: [gentoo-dev] Re: possible trojan in openssh-3.4p1 Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux developer list List-Unsubscribe: , List-Archive: X-Archives-Salt: 03d26dcc-e22f-4b83-b6b1-c2fbb065d1ee X-Archives-Hash: c1453a24477f110ffbfc7087ae8fa6f2 Johannes Findeisen wrote: > On Thursday 01 August 2002 15:39, Rob Kaper wrote: >> On Thursday 01 August 2002 15:35, Terje Kvernes wrote: >> > if the checksum differ, which it would have, emerge will abort. >> > although, emerge logs do sound like a very good idea. >> >> For optimum security, emerge should check checksums from different >> locations. One or two trusted servers (often even the same as the one >> where the files reside, although that might not be true for gentoo) >> can be compromised too easily. > > if this should be a option in portage, we always need to download two > files from two servers to check if the md5sum are the same... :-( > IMO it is good as it is. the gentoo-core team are providing a md5sum > in the portage tree and that should be enough. > Hi Johannes, as far as the above suggestion made by Terje is concerned You're right. Distributed checks could easily lead to "confusion", especially working with mirrors. But MD5 alone IS a joke when it comes to _security_ (here: proof of origin/unmodified developer version). It's quite good to check file corruption during data transfer. But that's it in my eyes. If one wants secure "origin" checks there's the need for gpg signing or something alike. Just using md5 someone who got write access to a portage-server could easily regenerate the sum and paste it into the ebuild including a modified SRC-URL. OK. "Even" the OpenBSD devel core team didn't manage to integrate private keys that way (maybe in general they're chaotic). One big problem handling this would be/is/was the key availability for people downloading files ... at least it's like that dealing with some of the OBSD dev-staff ... Andrew -- Andreas Waschbuesch, GAUniversity KG MA FNZ FK01 eMail: awaschb@gwdg.de Pete: Waiter, this meat is bad. Waiter: Who told you? Pete: A little swallow.