To: gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-dev] Re: Manifest signing
Date: Thu, 29 Sep 2011 19:08:29 +0000 (UTC)

Fabian Groffen posted on Thu, 29 Sep 2011 17:09:57 +0200 as excerpted:

> On 29-09-2011 11:02:17 -0400, Anthony G. Basile wrote:
>> The issue of Manifest signing came up in #gentoo-hardened channel ...
>> again. It's clearly a security issue and yet many manifests in the tree
>> are still not signed. Is there any chance that we can agree to reject
>> unsigned manifests? Possibly a question for the Council to adjudicate?
>
> Please refer to Mike's thread on this.
>
> http://archives.gentoo.org/gentoo-dev/msg_7210bc8a18140db8f18ff89245efacd5.xml

Every time this comes up, it gets a bunch of discussion, perhaps a few
more people start signing (but with dev turnover, I really don't know if
it gets better over time), and eventually the issue goes back to sleep.

I have a feeling something similar was happening for kernel.org security
discussions. Let's not be them in this regard.

In that old thread, the only real issue other than "just doing it" that I
saw raised was that of the two-stage commit thing. AFAIK in theory, that
allows a rather nasty DoS attack, so it does need dealt with, tho a DoS
worst-case is already better than the current worst-case.

Beyond that, IMO it's now at the "needs a proposal champion to clean it
up and present it to the council" stage, at least at the "council
declared priority" level for getting the requirements into repoman, the
CVS server, and perhaps the PMs (I don't know what stage they're at,
possibly all they need is a switch flipped?).

Talking about which, at the PM user level, is there a per-repo/overlay
switch? If not, it should strongly be considered.

With a proposal champion and a council declared priority, hopefully
within the year, "the switch" would be ready to be flipped, and a second
council vote could be taken to flip it.

But, someone with the domain knowledge, both of GPG and of the PMs and
commit process, needs to step up as the proposal champion and guide it
thru. It seems to me we're "almost there", and this is what's needed
now, for that final push.

In my book, that champion would stand up there along with WilliamH for
being the guy that finally pushed OpenRC thru to stability (absolutely
not without the help of others, of course, but it took someone to step up
and actually be the champion that pushed it thru). That's not an
insignificant thing to be able to put on one's CV, BTW, that you were the
proposal champion that helped with the final push toward tree signing and
thus general tree security for a community distro like Gentoo. =:^)

Meanwhile, seems to me that Google, et al. could well have sufficient
interest in this, given Gentoo's status as upstream, to sponsor hardware,
etc, if needed.

And I'm sure the Gentoo/PR folks would a WHOLE lot rather deal with an
announcement that Gentoo's tree is now signed and that the PMs now reject
unsigned by default, BEFORE having to deal with an announcement along the
lines of kernel.org's recent ones, instead of AFTER. =:\

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman