On 08/11/17 10:51 PM, Jean-Philippe Ouellet wrote:
> I could of course verify the signature of the auto-generated sha256sums.asc file which covers all the files (including compressed ones), but that means trusting kernel.org infrastructure - which was compromised in 2011 and may well be compromised again in the future...
Not to argue anything in particular, but sometimes I do have moments where I wonder if moving our ultimate trust to developer workstations (where the signature is generated) was such a great idea. I can assure you that kernel.org infrastructure is, in the majority of cases, vastly better protected than developer workstations -- together with the signing keys that live on them and into which we put the ultimate trust.
I don't have any answers to this, just wanted to share my inner conflict with others. :)
Best,
--
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation