Hi KP

On 16.12.2012 11:12, KP Kirchdoerfer wrote:
> On 15.12.2012 23:14, Erich Titl wrote:
>> Hi KP
>>
>> On 15.12.2012 19:54, KP Kirchdoerfer wrote:
>>> Hi;
>>>
>>> I did some work on Trac ticket 57 "add gpg signing of packages", and
>>> would like to discuss what I've done so far.
>>
>> Will it still be possible to load unsigned packages?
>
> Yes. Currently verify is not integrated into the install or update commands.
> The user *can* download a gpg signature file for a given lrp and verify
> the package before he installs/updates it. It's recommended, but
> everything else will work as before.

I have a few more doubts

If the verify mechanism is built into config.lrp then it is easy to 
circumvent it, by just disabling it there. This is even easier than in 
initrd.

Unfortunately I believe if such a mechanism is easy to break it is of no 
great value. If we want this to succeed we need to build some kind of a 
chain of trust and enforce the use of signed packages. If someone wants 
to build his own package he has to be a member of this chain of trust. 
The program to verify the signature _must_ be signed itself, not only 
the package.

cheers

Erich
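
The enforcement discussed in this thread, sketched as an added example (not code from the LEAF project or from either poster): an install wrapper that fails closed, rejecting any package without a valid detached signature from a pinned keyring. The keyring path, the `.sig` naming and the function names are assumptions.

```shell
#!/bin/sh
# Fail-closed package check: a package is accepted only when a detached
# signature exists AND gpgv validates it against a pinned keyring.
# The keyring path and the "<package>.sig" naming are assumptions made
# for this example, not LEAF's actual layout.
KEYRING="${KEYRING:-/etc/leaf/trusted.gpg}"   # hypothetical path
GPGV="${GPGV:-gpgv}"                          # overridable for testing

verify_lrp() {
    pkg="$1"
    sig="${pkg}.sig"
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    # An unsigned package is rejected, not waved through.
    [ -f "$sig" ] || { echo "no signature for $pkg, refusing" >&2; return 3; }
    # gpgv accepts only keys present in the given keyring; it does not
    # consult the user's own keyring or trust database.
    "$GPGV" --keyring "$KEYRING" "$sig" "$pkg" >/dev/null 2>&1 || {
        echo "bad signature on $pkg, refusing" >&2
        return 4
    }
    return 0
}

install_lrp() {
    # Verification is not optional: installation is reached only on success.
    verify_lrp "$1" || return $?
    echo "verified, installing $1"   # the real install step would go here
}
```

The wrapper and its keyring are only as trustworthy as whatever loads them, which is the point raised above about the verifying program itself needing to be signed.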



_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
