Date: Wed, 10 Nov 2004 13:55:31 +0100
From: Klaus Wagner <klaus@it-austria.net>
To: Antoine Martin <antoine@nagafix.co.uk>
Cc: Jason Stubbs <jstubbs@work-at.co.jp>,
	gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Re: Out of air

On Wed, Nov 10, 2004 at 12:54:44PM +0000, Antoine Martin wrote:
> I think we all admit it may take some time, but we are talking about the
> quick and dirty solution as a stop-gap measure, nothing else.
> And if the better solution takes more than 1.5 years to roll out, backup
> plans are just common sense - not criticism.
> 
> 
> It is just a cron job and a script, how would that double the amount of
> work in the future?!?

I really don't see how this is greatly improving security.
A cronjob that is AUTOMATICALLY signing everything it gets
wouldn't make me happy.

Security is not only signing and cryptography.
When it comes to signing, I have to trust every point
in the process, and I don't trust cronjobs and "in memory"
passphrases, or even worse, unprotected private keys.

regards klaus


--
gentoo-security@gentoo.org mailing list