[arch-dev-public] [RFC] Moving repos to nymeria
bisson at archlinux.org
Thu Sep 6 12:46:12 EDT 2012
[2012-09-06 17:39:03 +0200] Florian Pritz:
> The idea is to reduce the possible damage an attacker can cause if he
> happens to obtain a dev's/TU's ssh key. Without a shell and only a few
> whitelisted commands the box should be very safe. That allows us to use
> a server stored signing key for the database without having to worry
> about someone using a kernel exploit and gaining access to the key.
Did we abandon the idea of having packagers download the old DB, check
its signature, do changes to it, sign the new DB, and upload it back?
Because I would certainly find this much safer and trustworthy than
having a black-box server blindly sign anything it is given.
And I would also find it too bad to lose the flexibility actual non-root
Linux accounts give, such as being able to fix things ourselves when
they go wrong (like when pushing to the wrong repo).
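The packager-side workflow proposed in this message (verify the current database's signature, apply the change, sign the new database) as an added example, not part of the thread or of Arch's own tooling; it stands in Go's standard ed25519 for the list's GPG signatures, and the key pair and database contents are constructed here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedDB models a repository database blob together with the detached
// signature a packager attached to it (constructed for this example).
type SignedDB struct {
	Data []byte
	Sig  []byte
}

// ErrBadSignature is returned when the current DB does not verify, so the
// packager never builds on (or re-signs) content of unknown origin.
var ErrBadSignature = errors.New("existing database signature invalid; refusing to modify")

// UpdateDB performs the client-side flow: check the current DB against the
// trusted packager key, apply the change, and sign the result with the
// packager's own key held locally. No server-side key signs anything blindly.
func UpdateDB(cur SignedDB, trusted ed25519.PublicKey, change func([]byte) []byte, priv ed25519.PrivateKey) (SignedDB, error) {
	if !ed25519.Verify(trusted, cur.Data, cur.Sig) {
		return SignedDB{}, ErrBadSignature
	}
	next := change(cur.Data)
	return SignedDB{Data: next, Sig: ed25519.Sign(priv, next)}, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed packager key
	initial := []byte("pkg-a 1.0\n")
	db := SignedDB{Data: initial, Sig: ed25519.Sign(priv, initial)}
	addPkg := func(d []byte) []byte { return append(append([]byte{}, d...), "pkg-b 2.0\n"...) }

	updated, err := UpdateDB(db, pub, addPkg, priv)
	fmt.Println(err == nil, string(updated.Data))

	// A DB modified without a valid signature is rejected before any change.
	tampered := SignedDB{Data: []byte("pkg-a 1.0\nevil 0.1\n"), Sig: db.Sig}
	_, err = UpdateDB(tampered, pub, addPkg, priv)
	fmt.Println(err)
}
```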