From: Antoine Martin
To: klaus@it-austria.net
Cc: Jason Stubbs, gentoo-security@lists.gentoo.org
Date: Wed, 10 Nov 2004 13:26:26 +0000
Message-Id: <1100093186.10299.27.camel@cobra>
Subject: Re: [gentoo-security] Re: Out of air

On Wed, 2004-11-10 at 13:55 +0100, Klaus Wagner wrote:
> On Wed, Nov 10, 2004 at 12:54:44PM +0000, Antoine Martin wrote:
> > I think we all admit it may take some time, but we are talking about the
> > quick and dirty solution as a stop-gap measure, nothing else.
> > And if the better solution takes more than 1.5 years to roll out, backup
> > plans are just common sense - not criticism.
> >
> > It is just a cron job and a script, how would that double the amount of
> > work in the future?!?
>
> I really don't see how this is greatly improving security.
> A cronjob, that is AUTOMATICALLY signing everything it gets
> wouldn't make me happy.
>
> Security, is not only signation and cryptography.
> When it comes to signation, I have to trust every point
> in the process, and I don't trust cronjobs and "in memory"
> passphrases, or even worse unprotected private keys.

Sure, I agree with you. This would not solve *all* problems.
But it would solve the problem that this thread started on, which is to
trust all the hops between your box and the gentoo servers.
Which is a greater risk than a compromised gentoo server.

--
gentoo-security@gentoo.org mailing list