Patrick Lauer wrote:
> Signing strategies
> ==================
>
> Once there is an agreement on what files to sign with what kind of keys
> there remains the question how to sign it. There are at least three
> strategies:
> [...]
I prefer a semi-secure solution appearing soon rather than waiting
another three+ years for a potentially better solution.
Currently users only have two choices :
- masterkey-signed portage snapshots
- unsigned (and so, insecure) rsync mirrors
This is obviously not satisfying.
It has taken years to try to get per-developer signing implemented,
without success. We should try to do masterkey signing ("simple" method)
and see if we go somewhere. It's is so much better than nothing.
So I would rather work on ensuring everything in portage gets properly
signed rather than designing key policies, cross-signing strategies and
ways to force developers to sign properly. Given the current state of
Gentoo it is a much more reachable goal.
--
Thierry Carrez (Koon)
Gentoo Security Team and Gentoo Council Member
--
[email protected] mailing list
