On Wednesday, 16 May 2007 at 11:18 -0500, Josh Boyer wrote:
> On Wed, 2007-05-16 at 09:02 -0700, Chris Weyl wrote:
> >
> > * a "make push" command that could be run to push a package w/o any
> > manual intervention. For most packages, a "make tag build push" would
> > suffice, and the world wouldn't come to an end.
>
> That should never happen for updates. Packages are signed and you need
> a human to sign them. Automating the signing process is absurd because
> if that's done, there is no point in signing things anyway.

Of course there is. It's not as strong as manual signing but it prevents $random_script_kiddie dumping files on one of the numerous Fedora mirrors and having them propagated to user systems. (Did the various auto-signing opponents ever bother with a security audit of every Fedora mirror? Why would an attacker even bother with the root system when there are countless mirrors to attack?)

Besides, if someone manages to get access to the machine that does the signing, he can probably inject files in the root mirror whether they are signed or not, so you could as well advocate removing direct network feed of this system and require rel-eng to push the packages manually via a "secured" physical USB key.

We all know manual signing is ideal. It's not practical for fedora-devel. And auto-signing is a hell of a lot more secure than no signing at all (in a similar vein, refusing to do repotags because "filename" is not secure is ridiculous; filename is not secure with or without repotags, and that's no reason not to have useful descriptive filenames).

-- 
Nicolas Mailhot
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers
-- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly