Re: Package signing for the umpteenth time (was Re: unrealircd 3.2.8.1-2 contains backdoor)




On Mon, 14 Jun 2010, Denis A. Altoé Falqueto wrote:
> And keep in mind that package signing per se will not solve this kind
> of problem. Repository database signing is more important for that
> solution, but is a problem in the current workflow of Arch developers.

How exactly are the core and extra databases populated?

Moreover, instead of building all packages in the private PCs of developers, I think it is preferable to submit PKGBUILDs to build servers (via web interface maybe) and let the servers do the build + signing + repoupdate... That way, if a developer's system gets compromised, his packages will stay clean. Of course that needs extra work and equipment, but perhaps we can agree to it as a future target.

On another note, an easy but maybe a bit costly way to avoid any MITM tampering with packages is to serve *.md5 files for every package through a trusted HTTPS host. Then everyone can query that single host and check if the package he got from a mirror is safe.

Costs: A little more traffic by serving hash files to everyone plus the cost of the certificate from a CA. Is the income Arch receives from ads and schwag enough for such a simple solution?


Dimitris
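
The client-side check proposed in the message above, as an added example that is not part of the original post or of any Arch tooling: a package fetched from an untrusted mirror is compared against a one-line checksum file obtained from the trusted HTTPS host. The function names, the package name and the sample bytes are assumptions made for illustration, and the example goes beyond the message by also accepting SHA-256 digests.

```python
import hashlib
import hmac
import io
import urllib.request

# Hex digest length -> algorithm. md5 is what the message proposes; sha256 is
# an addition here, since MD5 is not collision resistant.
ALGOS = {32: "md5", 64: "sha256"}

def fetch_trusted_checksum(url):
    """Fetch '<pkg>.md5' from the trusted host; plain HTTP is refused because
    the scheme's integrity rests on the certificate-verified TLS channel."""
    if not url.lower().startswith("https://"):
        raise ValueError("checksum must come from an https:// URL")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(4096).decode("ascii")

def parse_checksum(text, pkg_name):
    """Parse one md5sum-style line '<hexdigest>  <filename>' -> (algo, digest).
    A line naming another file is rejected, so a valid hash of a different
    (for example older) package cannot be passed off for this one."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1 or len(lines[0].split(None, 1)) != 2:
        raise ValueError("expected exactly one '<digest>  <name>' line")
    digest, name = lines[0].split(None, 1)
    digest, name = digest.lower(), name.strip()
    if name.startswith("*"):          # md5sum marks binary mode with '*'
        name = name[1:]
    if name != pkg_name:
        raise ValueError("checksum is for %r, not %r" % (name, pkg_name))
    if len(digest) not in ALGOS or set(digest) - set("0123456789abcdef"):
        raise ValueError("unsupported or malformed digest")
    return ALGOS[len(digest)], digest

def verify_package(stream, pkg_name, checksum_text):
    """True if the bytes read from the mirror match the trusted digest."""
    algo, want = parse_checksum(checksum_text, pkg_name)
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(65536), b""):
        h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), want)

if __name__ == "__main__":
    # Constructed sample: package name and contents are made up.
    name, good = "example-1.0-1-any.pkg.tar.xz", b"constructed package bytes"
    trusted = hashlib.md5(good).hexdigest() + "  " + name + "\n"
    print(verify_package(io.BytesIO(good), name, trusted))            # intact copy
    print(verify_package(io.BytesIO(good + b"\x00"), name, trusted))  # altered copy
```

This check only ties the mirror's bytes to what the trusted host published; it says nothing about whether the package was clean when it was built.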
