From: Rui Covelo <rpfc@mega.ist.utl.pt>
To: Chris Frey <cdfrey@netdirect.ca>
Cc: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Re: Re: Is anybody else worried about this?
Date: Sun, 07 Nov 2004 17:04:29 +0000 [thread overview]
Message-ID: <418E559D.1090104@mega.ist.utl.pt> (raw)
In-Reply-To: <20041107114445.B9045@netdirect.ca>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| So is the solution. It was posted a few messages back. We just need some
| admin to drop a find script on the main server and setup the required
| keys. Once the signatures are there, anyone can write the userland script
| to do the verification, but until then, there's no point to write it since
| the server implementation is not known.
|
| - Chris
Read Peter's message moments after sending mine.
I like Peter's idea. But the question is still, where to keep the public
key and private key. Yes, maybe it's better to trust the developers than
any mirror admin.
Adding to what Peter said, what about having the public and private key
changed periodicaly (developers come and go, keys should come and go
too) and have the portage download automaticaly the public key and
revokation certificates when needed from a single server? Ex: www.gentoo.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBjlWbfLPhlaxNQk0RAqfZAJsGaLid/8BzfXhQVbsNlLDKgfaUbQCggsW7
kc2rYAq3W0CdOCTgDYcQ0jQ=
=GziW
-----END PGP SIGNATURE-----
--
gentoo-security@gentoo.org mailing list
next prev parent reply other threads:[~2004-11-07 17:05 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-06 20:16 [gentoo-security] Trojan for Gentoo, part 2 Alexander Holler
2004-11-07 0:31 ` [gentoo-security] " Chris Frey
2004-11-07 13:10 ` [gentoo-security] help blocking automated ssh scanning attack script Brian G. Peterson
2004-11-07 13:16 ` Gary Nichols
2004-11-07 13:31 ` Brian G. Peterson
2004-11-07 13:37 ` Rui Covelo
2004-11-07 13:50 ` aScii
2004-11-08 4:44 ` Kim Nielsen
2004-11-07 14:50 ` [gentoo-security] Re: Trojan for Gentoo, part 2 Jason Rojas
2004-11-07 17:01 ` Carsten Lohrke
2004-11-07 15:23 ` Kurt Lieber
2004-11-07 15:44 ` Peter Simons
2004-11-07 15:49 ` Kurt Lieber
2004-11-07 16:01 ` Jan Groenewald
2004-11-07 16:07 ` Peter Simons
2004-11-07 16:52 ` Dan Margolis
2004-11-07 17:43 ` Andreas Waschbuesch
2004-11-07 17:52 ` Dan Margolis
2004-11-07 19:08 ` Chocron J.
2004-11-07 19:11 ` Andreas Waschbuesch
2004-11-08 2:41 ` [gentoo-security] How to authenticate the portage tree Peter Simons
2004-11-08 9:37 ` [gentoo-security] Gentoo Portage Attack Tree Ervin Németh
2004-11-08 10:11 ` Kurt Lieber
2004-11-08 12:15 ` [gentoo-security] " Peter Simons
2004-11-12 7:00 ` Ed Grimm
2004-11-08 20:05 ` [gentoo-security] How to authenticate the portage tree Marius Mauch
2004-11-07 13:14 ` [gentoo-security] Is anybody else worried about this? (was: Trojan for Gentoo, part 2) Peter Simons
2004-11-07 15:40 ` [gentoo-security] Is anybody else worried about this? Marc Ballarin
2004-11-07 15:15 ` Tobias Klausmann
2004-11-07 15:20 ` Alex
2004-11-07 15:28 ` [gentoo-security] " Peter Simons
2004-11-07 15:45 ` Rui Covelo
2004-11-07 16:44 ` [gentoo-security] " Chris Frey
2004-11-07 17:04 ` Rui Covelo [this message]
2004-11-07 17:11 ` [gentoo-security] " Chris Frey
2004-11-07 17:56 ` [gentoo-security] " Peter Simons
2004-11-07 18:00 ` Marc Ballarin
2004-11-07 17:26 ` Barry.Schwartz
2004-11-07 16:31 ` Chris Frey
2004-11-07 17:07 ` [gentoo-security] " Dan Margolis
[not found] ` <418E5425.6070400@seas.upenn.edu>
2004-11-07 18:34 ` Marc Ballarin
2004-11-07 17:57 ` Dan Margolis
2004-11-07 19:36 ` Marc Ballarin
2004-11-07 18:51 ` [gentoo-security] " Peter Simons
2004-11-08 20:12 ` Marius Mauch
2004-11-07 15:40 ` [gentoo-security] Is anybody else worried about this? (was: Trojan for Gentoo, part 2) Kurt Lieber
2004-11-07 17:01 ` [gentoo-security] " Chris Frey
2004-11-07 18:35 ` Dan Noe
2004-11-07 19:04 ` Marc Ballarin
2004-11-07 18:25 ` Peter Simons
2004-11-07 23:26 ` Kurt Lieber
2004-11-07 23:52 ` [gentoo-security] No, apparently not. (was: Is anybody else worried about this?) Peter Simons
2004-11-08 0:17 ` Kurt Lieber
2004-11-08 1:05 ` [gentoo-security] " Peter Simons
2004-11-08 1:08 ` Anthony Gorecki
2004-11-08 1:18 ` Peter Simons
2004-11-08 16:11 ` Jake Hawkes
2004-11-08 1:31 ` Kurt Lieber
2004-11-08 1:35 ` Peter Simons
2004-11-08 9:19 ` Tobias Klausmann
2004-11-08 10:19 ` Kurt Lieber
2004-11-08 11:53 ` Tobias Klausmann
2004-11-08 12:17 ` Anthony Metcalf
2004-11-08 10:30 ` [gentoo-security] Re: No, apparently not Thierry Carrez
2004-11-08 12:01 ` Peter Simons
2004-11-08 10:36 ` [gentoo-security] Keys on a cd? Anthony Metcalf
2004-11-08 13:30 ` Kurt Lieber
2004-11-08 2:17 ` [gentoo-security] No, apparently not Brian Bilbrey
2004-11-08 2:33 ` [gentoo-security] " Peter Simons
2004-11-08 2:49 ` [gentoo-security] " Ed Grimm
2004-11-08 2:51 ` [gentoo-security] " Peter Simons
2004-11-08 3:01 ` Ed Grimm
2004-11-08 3:08 ` Peter Simons
2004-11-08 1:03 ` [gentoo-security] Re: Re: Is anybody else worried about this? (was: Trojan for Gentoo, part 2) Chris Frey
2004-11-08 1:19 ` Kurt Lieber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=418E559D.1090104@mega.ist.utl.pt \
--to=rpfc@mega.ist.utl.pt \
--cc=cdfrey@netdirect.ca \
--cc=gentoo-security@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox