From: Antoine Martin <antoine@nagafix.co.uk>
To: klaus@it-austria.net
Cc: Jason Stubbs <jstubbs@work-at.co.jp>, gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Re: Out of air
Date: Wed, 10 Nov 2004 13:26:26 +0000 [thread overview]
Message-ID: <1100093186.10299.27.camel@cobra> (raw)
In-Reply-To: <20041110125531.GA13071@aeon.user.lan.at>
On Wed, 2004-11-10 at 13:55 +0100, Klaus Wagner wrote:
> On Wed, Nov 10, 2004 at 12:54:44PM +0000, Antoine Martin wrote:
> > I think we all admit it may take some time, but we are talking about the
> > quick and dirty solution as a stop-gap measure, nothing else.
> > And if the better solution takes more than 1.5years to roll out, backup
> > plans are just common sense - not criticism.
> >
> >
> > I is just a cron job and a script, how would that double the amount of
> > work in the future?!?
>
> I really don't see how this is greatly improving security.
> A cronjob, that is AUTOMATICALLY signing everything it get's
> wouldn't make me happy.
>
> Security, is not only signation and cryptography.
> When it comes to signation, I have to trust every point
> in the process, and I don't trust cronjobs and "in memory"
> passphrases, or even worse unprotected private keys.
Sure, I agree with you. This is would not solve *all* problems.
But it would solve the problem that this thread started on, which is to
trust all the hops between your box and the gentoo servers. Which is a
greater risk than a compromised gentoo server.
--
gentoo-security@gentoo.org mailing list
next prev parent reply other threads:[~2004-11-10 13:10 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-10 2:05 [gentoo-security] Out of air Denis Roy
2004-11-10 4:35 ` [gentoo-security] " Chris Frey
2004-11-10 4:53 ` Chris Haumesser
2004-11-10 5:08 ` Jason Stubbs
2004-11-10 7:02 ` Chris Haumesser
2004-11-10 7:04 ` Chris Haumesser
2004-11-10 7:22 ` Marius Mauch
2004-11-10 10:03 ` Dominik Schäfer
2004-11-10 13:52 ` [gentoo-security] The solution and hopefully the end Kurt Lieber
2004-11-10 14:00 ` Anthony Metcalf
2004-11-10 14:24 ` [gentoo-security] " Chris Frey
2004-11-10 18:15 ` [gentoo-security] " Gary Nichols
2004-11-10 19:02 ` Joey McCoy
2004-11-10 19:20 ` Michael Gruenberger
2004-11-10 19:57 ` Joey McCoy
2004-11-10 21:22 ` Glen Combe
2004-11-10 21:57 ` William Barnett
2004-11-10 19:26 ` DeadManMoving
2004-11-10 22:17 ` [gentoo-security] " Thomas Kirchner
2004-11-10 22:20 ` Jeff Smelser
2004-11-10 22:26 ` dan
2004-11-10 23:42 ` [gentoo-security] " Thomas Kirchner
2004-11-11 1:16 ` [gentoo-security] " James A. Cox
2004-11-11 1:19 ` Jason Stubbs
2004-11-11 5:45 ` [gentoo-security] " Peter Simons
2004-11-11 8:41 ` [gentoo-security] just can't let it die Chris Haumesser
2004-11-11 9:14 ` Sune Kloppenborg Jeppesen
2004-11-11 10:56 ` [gentoo-security] The solution and hopefully the end Paul de Vrieze
2004-11-10 5:00 ` [gentoo-security] Re: Out of air Jason Stubbs
2004-11-10 12:54 ` Antoine Martin
2004-11-10 12:46 ` Rui Pedro Figueira Covelo
2004-11-10 13:10 ` Antoine Martin
2004-11-10 12:55 ` Klaus Wagner
2004-11-10 13:15 ` Andreas Waschbuesch
2004-11-10 13:26 ` Antoine Martin [this message]
2004-11-10 13:31 ` Anthony Metcalf
2004-11-10 14:03 ` Antoine Martin
2004-11-10 13:55 ` Anthony Metcalf
2004-11-10 14:04 ` Calum
-- strict thread matches above, loose matches on Subject: below --
2004-11-10 1:21 [gentoo-security] Out of air (was: Let's blow the whistle) Peter Simons
2004-11-10 2:25 ` [gentoo-security] Out of air RNuno
2004-11-10 3:07 ` [gentoo-security] " Peter Simons
2004-11-10 3:10 ` Anthony Gorecki
2004-11-10 3:29 ` Marius Mauch
[not found] ` <4191882C.3010002@ca.istop.com>
[not found] ` <87zn1qtmd2.fsf@peti.cryp.to>
2004-11-10 3:31 ` Den
2004-11-10 3:41 ` Peter Simons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1100093186.10299.27.camel@cobra \
--to=antoine@nagafix.co.uk \
--cc=gentoo-security@lists.gentoo.org \
--cc=jstubbs@work-at.co.jp \
--cc=klaus@it-austria.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox