From: Antoine Martin <antoine@nagafix.co.uk>
To: Jason Stubbs <jstubbs@work-at.co.jp>
Cc: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Re: Out of air
Date: Wed, 10 Nov 2004 12:54:44 +0000 [thread overview]
Message-ID: <1100091284.10299.19.camel@cobra> (raw)
In-Reply-To: <200411101400.39645.jstubbs@work-at.co.jp>
> > The current development effort that is underway is not one that can be
> > implemented overnight, but there is a solution that manages to satisfy
> > the core needs of this thread that can be implemented overnight.
I second that.
To reply to a few other threads:
1) This is no disrespect to the gentoo devs (kudos here) or the other,
better solution that is in the works. Just a band-aid we would rather
have now.
2) To all those saying that code should be submitted, we do not have
access to the rsync servers needed to code 5 lines of bash.
> I would advise everybody to read through aforementioned discussions in the
> archives of gentoo-dev@gentoo.org before persuing this. Something that
> appears so simple as this on the surface still has a number of sharp edges.
> The infrastructure team would have to do some careful planning and possibly
> restructing of job control on the master rsync and cvs servers. The portage
> team would need to implement support for verifying the signature is valid.
> Whoever else would have to plan and implement distribution of this
> all-powerful key.
I think we all admit it may take some time, but we are talking about the
quick and dirty solution as a stop-gap measure, nothing else.
And if the better solution takes more than 1.5years to roll out, backup
plans are just common sense - not criticism.
> But it doesn't stop there. Following this would be plan of action for the case
> that the all-powerful key is compromised. Then there is also the up to six
> month transition period between this solution and the solution that is
> currently being implemented. That also requires careful planning and
> implementation. So.. adding this simple solution now actually more than
> doubles the amount of work that needs to be done down the track.
Would you care to expand on that?
I is just a cron job and a script, how would that double the amount of
work in the future?!?
Antoine
--
gentoo-security@gentoo.org mailing list
next prev parent reply other threads:[~2004-11-10 12:38 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-10 2:05 [gentoo-security] Out of air Denis Roy
2004-11-10 4:35 ` [gentoo-security] " Chris Frey
2004-11-10 4:53 ` Chris Haumesser
2004-11-10 5:08 ` Jason Stubbs
2004-11-10 7:02 ` Chris Haumesser
2004-11-10 7:04 ` Chris Haumesser
2004-11-10 7:22 ` Marius Mauch
2004-11-10 10:03 ` Dominik Schäfer
2004-11-10 13:52 ` [gentoo-security] The solution and hopefully the end Kurt Lieber
2004-11-10 14:00 ` Anthony Metcalf
2004-11-10 14:24 ` [gentoo-security] " Chris Frey
2004-11-10 18:15 ` [gentoo-security] " Gary Nichols
2004-11-10 19:02 ` Joey McCoy
2004-11-10 19:20 ` Michael Gruenberger
2004-11-10 19:57 ` Joey McCoy
2004-11-10 21:22 ` Glen Combe
2004-11-10 21:57 ` William Barnett
2004-11-10 19:26 ` DeadManMoving
2004-11-10 22:17 ` [gentoo-security] " Thomas Kirchner
2004-11-10 22:20 ` Jeff Smelser
2004-11-10 22:26 ` dan
2004-11-10 23:42 ` [gentoo-security] " Thomas Kirchner
2004-11-11 1:16 ` [gentoo-security] " James A. Cox
2004-11-11 1:19 ` Jason Stubbs
2004-11-11 5:45 ` [gentoo-security] " Peter Simons
2004-11-11 8:41 ` [gentoo-security] just can't let it die Chris Haumesser
2004-11-11 9:14 ` Sune Kloppenborg Jeppesen
2004-11-11 10:56 ` [gentoo-security] The solution and hopefully the end Paul de Vrieze
2004-11-10 5:00 ` [gentoo-security] Re: Out of air Jason Stubbs
2004-11-10 12:54 ` Antoine Martin [this message]
2004-11-10 12:46 ` Rui Pedro Figueira Covelo
2004-11-10 13:10 ` Antoine Martin
2004-11-10 12:55 ` Klaus Wagner
2004-11-10 13:15 ` Andreas Waschbuesch
2004-11-10 13:26 ` Antoine Martin
2004-11-10 13:31 ` Anthony Metcalf
2004-11-10 14:03 ` Antoine Martin
2004-11-10 13:55 ` Anthony Metcalf
2004-11-10 14:04 ` Calum
-- strict thread matches above, loose matches on Subject: below --
2004-11-10 1:21 [gentoo-security] Out of air (was: Let's blow the whistle) Peter Simons
2004-11-10 2:25 ` [gentoo-security] Out of air RNuno
2004-11-10 3:07 ` [gentoo-security] " Peter Simons
2004-11-10 3:10 ` Anthony Gorecki
2004-11-10 3:29 ` Marius Mauch
[not found] ` <4191882C.3010002@ca.istop.com>
[not found] ` <87zn1qtmd2.fsf@peti.cryp.to>
2004-11-10 3:31 ` Den
2004-11-10 3:41 ` Peter Simons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1100091284.10299.19.camel@cobra \
--to=antoine@nagafix.co.uk \
--cc=gentoo-security@lists.gentoo.org \
--cc=jstubbs@work-at.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox