From: Kris Kennaway
To: aristeu
Cc: freebsd-security@freebsd.org
Date: Tue, 29 Nov 2005 18:27:03 -0500
Subject: Re: Reflections on Trusting Trust
Message-ID: <20051129232703.GA60060@xor.obsecurity.org>
In-Reply-To: <002601c5f4fa$b5115320$e403000a@rickderringer>

On Tue, Nov 29, 2005 at 01:36:31PM -0200, aristeu wrote:
> I'm new here, and I've posted only once. I just want to add my "just
> another user" opinion on this...
>
> Signing security advisories that send the hashes for a file does a nice
> job.
>
> I think the only problem that exists is the package/ports deployment. I
> believe we can't trust only hashes for this (tar already does a fine job
> on integrity...), because it can be easily circumvented. Maybe trusting
> this is the real weakest link...

I'd be happy to work with someone who can implement a solution for the
package side. The important thing to keep in mind is that packages are
built automatically on many distributed machines. Any solution for
signing packages would therefore need to also be automated, e.g. signing
them automatically when the packages are pulled back from the build
client to server.

Kris
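An added shell example (not code from this thread or from the FreeBSD project) sketching the server-side step Kris describes: the signing key lives only on the host that pulls packages back, each fetched package gets a digest manifest signed there, and an installer verifies the signature before it trusts the digest. Key and file names are assumed; it relies only on the openssl command-line tool.

```shell
#!/bin/sh
# Assumed layout: the pull-back host holds server.key; installers hold server.pub.
# Build clients never see the private key, so a compromised builder cannot sign.
set -eu

WORK=$(mktemp -d)
KEY="$WORK/server.key"
PUB="$WORK/server.pub"

# One-time key generation on the signing host (names are assumptions).
gen_server_key() {
    openssl genrsa -out "$KEY" 2048 2>/dev/null
    openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null
}

# Run automatically for every package fetched from a build client:
# write the SHA-256 of the package into a manifest and sign the manifest.
sign_pulled_package() {
    pkg="$1"
    openssl dgst -sha256 "$pkg" | awk '{print $NF}' > "$pkg.sha256"
    openssl dgst -sha256 -sign "$KEY" -out "$pkg.sig" "$pkg.sha256"
}

# Installer side: a bare hash proves nothing by itself, so first check the
# signature over the manifest, then check the package against the manifest.
verify_package() {
    pkg="$1"
    openssl dgst -sha256 -verify "$PUB" -signature "$pkg.sig" \
        "$pkg.sha256" >/dev/null 2>&1 || return 1
    want=$(cat "$pkg.sha256")
    have=$(openssl dgst -sha256 "$pkg" | awk '{print $NF}')
    [ "$want" = "$have" ]
}

# Demo on a constructed stand-in for a package pulled from a build client.
gen_server_key
PKG="$WORK/example-1.0.tbz"
printf 'constructed package payload\n' > "$PKG"
sign_pulled_package "$PKG"
if verify_package "$PKG"; then
    echo "verified: signature binds the digest, digest matches $PKG"
fi
```

Altering the package or its manifest after signing makes verify_package fail, which is the property a hash alone cannot give.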