On Sun, Apr 02, 2000 at 02:30:12PM -0600, Jason Gunthorpe wrote: > On Sun, 2 Apr 2000, Marcus Brinkmann wrote: > > > This is a seperate problem. I agree that this should not be the case, but it > > has no place in this discussion. If individual developer keys are > > compromised, we have a problem no matter what. Developers should not store > > secret keys on net connected machines, point. > > > > However, this only affects the developers packages, not the whole archive. > ^^^^^^^^^^^^^^^^^^^^^ > > GAH!? Don't you see that isn't true?? Look, a hack attempt would go like > this. > > 1) Break root on master > 2) Use that to break user account on developer victum (any will do) > (Hint: I have already shown that torsten at least could be > attacked quite easially) > 3) Steal PGP key > 4) Use stolen PGP to form new glibc package with trojan, sneak into > archive using #1
And it wouldn't be strange that random Joe is uploading a pgp package? And random joe or the real glibc maintainer will not speak up if this really happens? But you have a point, and I add this case: This only affects the developers packages and NMUs. (one could vaguely interpret a NMU as the developers package, as it is carrying his signature, but I admit that I didn't have NMUs in mind when writing this.) Thanks, Marcus
