Date: Tue, 30 Dec 2003 08:34:58 -0500 (EST)
From: Jose Nazario <jose@monkey.org>
To: Sergei Kolobov <sergei@FreeBSD.org>
Cc: freebsd-ports@FreeBSD.org
Subject: Re: RFC: automatically verify GnuPG signatures
Message-ID: <Pine.BSO.4.58.0312300830150.1098@naughty.monkey.org>
In-Reply-To: <20031229063439.GA794@chetwood.ru>
References: <20031225134736.86816.qmail@kolobov.com> <20031228210730.GD7186@pm1.ric-22.lft.widomaker.com> <Pine.BSO.4.58.0312281644350.15545@naughty.monkey.org> <20031225134736.86816.qmail@kolobov.com> <20031228210730.GD7186@pm1.ric-22.lft.widomaker.com> <Pine.BSO.4.58.0312281644350.15545@naughty.monkey.org> <20031228210730.GD7186@pm1.ric-22.lft.widomaker.com> <20031229063439.GA794@chetwood.ru>

i'm still against this. here's a scenario that is all too common: you download package foo-1.2 for building with the ports tree, it has a sig. you don't have the key, so you import it. do you trust it? you're the discriminating sort, so you look at the signatures and you see that Jose Nazario signed it. hey, you know him, oh, he has a key. so you say "ok".

without tying that key back to the large, strong set of signed keys, you don't know for sure. about 1/3 of the packages i sampled last year don't map back to the strong set, so you can't do realistic key lookups. i gave some presentations on this and even have a paper in JOSU on this.

this is why i am against it, the technology doesn't solve the real underlying problem.

i do suggest a change in your design, however. don't list two DISTFILE entries and try and work out the logic about which is a signature. have DISTFILE and DISTFILE_SIG, then you never have to question (and potentially make mistakes). it's also very clear to everyone what the file is.

i hope all is well.

ps: i don't use pgp. if you ever see a key from me consider it invalid and probably compromised.

___________________________
jose nazario, ph.d. jose@monkey.org
http://monkey.org/~jose/
http://infosecdaily.net/
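
The "maps back to the strong set" check described in the message above, as an added example that is not part of the original e-mail. It assumes "strong set" means the largest strongly connected component of the key-signing graph; the key IDs and signatures are constructed, and the function names are hypothetical.

```python
# Constructed key-signing graph: signer -> keys it has signed. All IDs are made up.
SIGS = {
    "A": ["B"], "B": ["C"], "C": ["A", "D"],  # A, B, C sign each other in a cycle
    "D": ["E"], "E": [],                       # D and E hang off that cycle
    "X": ["Y"], "Y": ["X"],                    # a familiar name vouching for a key,
                                               # but neither ties back to anything
    "Z": [],                                   # key nobody has signed
}

def reachable(graph, start):
    """All keys reachable from the keys in `start` by following signatures."""
    seen, stack = set(), list(start)
    while stack:
        key = stack.pop()
        if key not in seen:
            seen.add(key)
            stack.extend(graph.get(key, ()))
    return seen

def strong_set(graph):
    """Largest group of keys in which every key reaches every other key."""
    reverse = {k: [] for k in graph}
    for signer, signed in graph.items():
        for key in signed:
            reverse.setdefault(key, []).append(signer)
    best, todo = set(), set(reverse)
    while todo:
        key = todo.pop()
        # Keys that `key` reaches AND that reach `key` form its component.
        component = reachable(graph, [key]) & reachable(reverse, [key])
        todo -= component
        if len(component) > len(best):
            best = component
    return best

def classify(graph, signing_key):
    """How a distfile's signing key relates to the strong set."""
    core = strong_set(graph)
    if signing_key in core:
        return "in strong set"
    if signing_key in reachable(graph, core):
        return "signed from strong set"
    return "unverifiable"  # a valid signature, but no path to check the key

if __name__ == "__main__":
    for key in sorted(SIGS):
        print(key, classify(SIGS, key))
```

Key `Y` is the scenario from the message: it carries a signature from `X`, yet both are classified as unverifiable because no chain of signatures leads to them from the strong set.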