On Sat, 2006-05-20 at 10:13 +0200, Thierry Carrez wrote:
> Patrick Lauer wrote:
> 
> > Signing strategies
> > ==================
> > 
> > Once there is an agreement on what files to sign with what kind of keys
> > there remains the question how to sign it. There are at least three
> > strategies:
> > [...]
> 
> I prefer a semi-secure solution appearing soon rather than waiting
> another three+ years for a potentially better solution.
A staged plan might be best then:
- implement a simple master-key signing
- discuss the more complex distributed models
- implement the distributed models if agreed upon

> Currently users only have two choices :
> 
> - masterkey-signed portage snapshots
> - unsigned (and so, insecure) rsync mirrors
> 
> This is obviously not satisfying.
Yes. It also gives us ~100 single points of attacks as every compromised rsync 
mirror could go undetected for a long time.

> It has taken years to try to get per-developer signing implemented,
> without success. We should try to do masterkey signing ("simple" method)
> and see if we go somewhere. It's is so much better than nothing.
There is no authority that "forces" signing.
Making signing mandatory should not cause big problems now ...

> So I would rather work on ensuring everything in portage gets properly
> signed rather than designing key policies, cross-signing strategies and
> ways to force developers to sign properly. Given the current state of
> Gentoo it is a much more reachable goal.
"properly signed" implies some standard or policy to measure it against.

So we need to have some agreement what is needed to assure "properly
signed everything" - it looks like the centralized masterkey model will
have the smallest impact on all involved. Then we look at all issues
this model has, try to fix all bugs - then we have a plan to implement,
and I hope that this will happen in a reasonable timeframe.

Patrick
-- 
Stand still, and let the rest of the universe move

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to