On Thu, May 10, 2012 at 5:02 PM, Ciaran McCreesh <[email protected]> wrote:
> On Thu, 10 May 2012 14:36:14 +0200
>
> There's no such thing as "limited security".

Sure there is. There's probably no such thing as "complete security". Even with checksumming, a hacker could own a developer's box and... etc etc. Mitigations at any level are important. In any case, this is a topic for a different thread and probably different mailing list. May I suggest we continue this conversation on [email protected] ?

>
> No, you'd only have to get an rsync mirror.

True, since you can backdoor the ebuilds themselves pretty easily. But backdooring distfiles requires two pwnages for gentoo. Right now in Exherbo, we have exheres adequately secure. We don't have distfiles adequately secure.

>
> How does that fit in with the standard workflow?
>
> http://ciaranm.wordpress.com/2010/11/28/exherbo-development-workflow-version-2/

The standard work flow would be the same. There would just be the additional step of updating the hash value.

>
> Bear in mind that people might be working on dozens of packages all in
> one go.

I'm presuming that responsible developers already follow best practices and check the upstream fingerprint on tarballs they develop on, and are generally conscientious about rogue tarballs.

How about this as a proposal: In my original letter, I wrote:

> We add two global options for build_options:
> - require-checksum-success: Builds fail if the distfiles have the
>   wrong checksums.
> - require-checksum-existance: Build fails if checksum does not exist.

What if we enable this feature, but to begin with, we make require-checksum-success true, *but make require-checksum-existence false*. That way, we could start to enable it for packages that are common backdooring targets, like openssh, vsftpd, etc, without being entirely disruptive. As Exherbo shifts into the security consciousness, we could, at some point, enable require-checksum-existence by default.
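Added example, not part of the original message and not Exherbo or Paludis code: a sketch of how the two proposed options could decide whether a build proceeds, under the staged rollout and under the later strict default. SHA-256, the `ChecksumPolicy`, `check_distfile` and `build_allowed` names, and the sample file names and contents are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    VERIFIED = "checksum recorded and matches"
    UNCHECKED = "no checksum recorded, allowed by policy"
    MISMATCH_IGNORED = "checksum mismatch, allowed by policy"
    FAILED = "build must fail"


@dataclass(frozen=True)
class ChecksumPolicy:
    # Defaults model the staged rollout proposed in the message.
    require_checksum_success: bool = True
    require_checksum_existence: bool = False


def check_distfile(name, data, recorded, policy):
    """Decide whether one fetched distfile may be used for a build."""
    expected = recorded.get(name)
    if expected is None:
        # Package has not opted in yet: only fatal under the strict setting.
        return Verdict.FAILED if policy.require_checksum_existence else Verdict.UNCHECKED
    actual = hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption
    if hmac.compare_digest(actual, expected.lower()):
        return Verdict.VERIFIED
    return Verdict.FAILED if policy.require_checksum_success else Verdict.MISMATCH_IGNORED


def build_allowed(distfiles, recorded, policy):
    """Return (ok, per-file verdicts); one FAILED verdict blocks the build."""
    verdicts = {n: check_distfile(n, d, recorded, policy) for n, d in distfiles.items()}
    return all(v is not Verdict.FAILED for v in verdicts.values()), verdicts


# Constructed sample data: file names and contents are made up.
GOOD = b"constructed openssh tarball bytes"
RECORDED = {"openssh-sample.tar.gz": hashlib.sha256(GOOD).hexdigest()}
STAGED = ChecksumPolicy()
STRICT = ChecksumPolicy(require_checksum_existence=True)

if __name__ == "__main__":
    fetched = {"openssh-sample.tar.gz": GOOD + b" tampered", "leafpkg-sample.tar.gz": b"x"}
    for label, policy in (("staged", STAGED), ("strict", STRICT)):
        ok, verdicts = build_allowed(fetched, RECORDED, policy)
        print(label, "build allowed:", ok, {k: v.name for k, v in verdicts.items()})
```

Under the staged policy a package with no recorded checksum still builds, so the protection covers only packages that have opted in; the strict policy closes that gap at the cost of failing every package that lacks a recorded checksum.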
