On Tue, Feb 04, 2014 at 05:57:21PM -0200, Giancarlo Razzolini wrote: > Em 04-02-2014 17:37, Daniel Cegie??ka escreveu: > > I agree with the fact that we have no solution to this problem, and > > probably will not find it quickly (or ever). I do not want to shout > > that now we have to do something. I want to make people aware that > > even with signify still need to keep limited trust. > > > > best, > > Daniel > You do not need to do this. The people who cares about this, know that > there is no solution. And do not delude yourself thinking that there > will ever be one. There are many attacks that even with signed packages, > base, whatever, are possible and can be way more damaging. The evil > developer attack, Trusting trust issues, etc. There are lots of vectors > an operational system can be entirely compromised, before it's even > installed on your machine. And since it's an OS, there can't even be > deterministic builds, perhaps just of some binaries in base, for some > platforms, never of the kernel itself.
I *encourage* you guys to read signify and pkg_add code and poke holes in them!
