From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-security-return-1689-arch-gentoo-security=gentoo.org@lists.gentoo.org>
Received: (qmail 17115 invoked from network); 12 Nov 2004 09:00:44 +0000
Received: from smtp.gentoo.org (156.56.111.197)
  by lists.gentoo.org with AES256-SHA encrypted SMTP; 12 Nov 2004 09:00:44 +0000
Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org)
	by smtp.gentoo.org with esmtp (Exim 4.41)
	id 1CSXIS-0003i4-0T
	for arch-gentoo-security@lists.gentoo.org; Fri, 12 Nov 2004 09:00:44 +0000
Received: (qmail 14467 invoked by uid 89); 12 Nov 2004 09:00:22 +0000
Mailing-List: contact gentoo-security-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-security@gentoo.org>
List-Help: <mailto:gentoo-security-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-security-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-security-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
X-BeenThere: gentoo-security@gentoo.org
Received: (qmail 31586 invoked from network); 12 Nov 2004 09:00:22 +0000
Date: Fri, 12 Nov 2004 11:00:18 +0100
From: Marius Mauch <genone@gentoo.org>
To: gentoo-security@lists.gentoo.org
Message-ID: <20041112110018.5b5c62e5@sven.genone.homeip.net>
In-Reply-To: <012901c4c82d$637ee2c0$2203010a@gcombe>
References: <opshbdknbu8y4is6@damnpenguin>
	<Pine.LNX.4.60.0411111219040.8506@hosting2.blondetribe.net>
	<FA7F9167-3419-11D9-BE4D-000A958C5792@firstaidmusic.com>
	<200411111355.05847.tradergt@smelser.org>
	<010401c4c82a$98d39040$2203010a@gcombe>
	<20041111202016.GL10927@mail.lieber.org>
	<012901c4c82d$637ee2c0$2203010a@gcombe>
Organization: Gentoo Linux
X-Mailer: Sylpheed-Claws 0.9.12b (GTK+ 1.2.10; x86_64-pc-linux-gnu)
X-Face: H@&[wkk?l:Zx:8i_5bViK&{Vz{c{~r),^&:v/r#+X5dmfA6qCl)~'Ul{"&06Q1[05.%v&c>je5R{=xLnx^=~lN~rO0xuR~~NY)<MB_iH0+TEA(imBf+vcJfeG1sjv=IfQCn8OB5IGuRjP8?8=;ptUrg\oGjgDx;=$ToLyG!Qz]g?"{zwH`>CX\"Nc4$9CBPwDl-.pYuVeGdir86L@\:j?7@%Ej2?Wi-Y0=1]T14ce0w79Bckk[*ti{;iA"{;I}&E~.msRBsBS)N!CS4Gd|_UR
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1";
 boundary="Signature=_Fri__12_Nov_2004_11_00_18_+0100_DcKjFVBvGCp3Y3PH"
X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:7e6c91d1b14dbccceb2f2166522fa0f6
Subject: Re: [gentoo-security] Maybe a new approach?
X-Archives-Salt: c7407d4c-54ea-40df-98fd-f306b4115b6a
X-Archives-Hash: 0bfe3d4e96bb996c6d34cfd81feb6392

--Signature=_Fri__12_Nov_2004_11_00_18_+0100_DcKjFVBvGCp3Y3PH
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Thu, 11 Nov 2004 13:31:14 -0700
"Glen Combe" <gcombe@co.weber.ut.us> wrote:

> Kurt.
> 
> Detail of time and implemention is what I have in mind.   I sense you
> might have a good feel for that?   Weeks?  Months?

Well, first lets see what we're still missing implementation-wise:
1) checksums/signatures for eclasses, profiles, the "scripts" dir and
maybe a few others
2) enforcement for devs to sign their packages
3) some kind of PKI for portage signing keys
4) better verification support, the current implementation has a few
problems (performance sucks and key management is almost completely
manual)
5) stuff I forgot to mention here

So now what needs to be done to fix these points:
1) a) decide how these files are to be signed/verified (one Manifest for
all eclasses, individual signatures, ...)
   b) modify repoman to work in those dirs (currently it's only for
package dirs)
2) a) ensure that *ALL* devs use repoman
   b) change repoman so only signed packages/eclasses/... are committed
3) not sure
4) a) find a way to improve gpg performance
   b) add support for 3)
5) no clue ;)

>>From this list, 1a), 2a) and 3) are outside the scope of dev-portage
(well, we could make an arbitrary decision for 1a), so I can't give any
estimates for them. I also can't give any estimate for 4a) as I don't
know if that's possible or 4b) as it depends on 3). So the only points I
can give any information on are 1b) and 2b):
1b) shouldn't be too difficult although repoman is tricky piece of
software, I'd guess it would take a week or so for an initial
implementation (depends on 1a of course)
2b) Tricky to do this in a proper way. Pretty much needs real
transaction support in repoman. A 80% solution is pretty simple though
(less than a week). I'd need to go into implementation details of
repoman to completely explain this.

Marius

-- 
Public Key at http://www.genone.de/info/gpg-key.pub

In the beginning, there was nothing. And God said, 'Let there be
Light.' And there was still nothing, but you could see a bit better.

--Signature=_Fri__12_Nov_2004_11_00_18_+0100_DcKjFVBvGCp3Y3PH
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBlIm1WzrL1pM7SNcRAtXmAJ4mMDAI9kse9XQaJh0ZMN2HIasRyQCcDqB7
/44pp3+biwjk+NH3PQsr1vQ=
=T4oU
-----END PGP SIGNATURE-----

--Signature=_Fri__12_Nov_2004_11_00_18_+0100_DcKjFVBvGCp3Y3PH--