[arch-general] pacman-key complaining, but what to do about it?

ProgAndy admin at progandy.de
Wed Apr 2 13:22:06 EDT 2014


On 02.04.2014 19:01, Daniel Micay wrote:
> On 02/04/14 01:00 PM, Daniel Micay wrote:
>> On 02/04/14 12:47 PM, Nowaker wrote:
>>>> There may be a transparent proxy in your routing chain that strips
>>>> compression in order to run a virus scan.
>>> Time for SSL-securing Arch Linux repos to prevent any sort of
>>> man-in-the-middle attacks? Even such trivial things like compression
>>> stripping, or image optimization often performed by mobile internet
>>> providers is a man-in-the-middle. This should be fought by any means.
>> Packages are already signed, and pacman has support for signing the
>> repositories. Using TLS for repositories is close to useless because the
>> mirrors are not *really* trusted entities, and the CA system is a broken
>> alternative to the solid archlinux-keyring package.
> We aren't actually signing the sync databases yet, but should be. Even
> if it means using a low-trust key on the servers, it would need to be
> treated differently than the package signing keys if it was a lower
> trust level though, because it shouldn't be able to sign packages.
>
Maybe require all certificates used for package signing to have the 
"codeSigning" capability? The database certificate won't have that flag.
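
An added sketch of the check proposed above (not part of the original message and not pacman code): a verifier that accepts a package signature only from a certificate that explicitly lists the codeSigning extended key usage, so a database-signing certificate without it is refused. It assumes X.509-style certificates, as the message's wording suggests, whereas pacman-key manages OpenPGP keys. The names `newSigner`, `verifyPackage` and `runDemo` are hypothetical, the certificates are constructed test data, and anchoring trust in a keyring is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSigner builds a constructed, self-signed test certificate carrying exactly the given EKUs.
func newSigner(cn string, ekus ...x509.ExtKeyUsage) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: ekus}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// verifyPackage requires codeSigning to be listed explicitly; an absent EKU list is a rejection.
func verifyPackage(cert *x509.Certificate, data, sig []byte) error {
	allowed := false
	for _, u := range cert.ExtKeyUsage {
		allowed = allowed || u == x509.ExtKeyUsageCodeSigning
	}
	if !allowed {
		return fmt.Errorf("%q lacks codeSigning", cert.Subject.CommonName)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, data, sig) {
		return fmt.Errorf("signature by %q does not verify", cert.Subject.CommonName)
	}
	return nil
}

// runDemo signs the same constructed bytes with a package cert and a database cert.
func runDemo() (pkgErr, dbErr error) {
	data := []byte("constructed package contents")
	pkgCert, pkgKey := newSigner("package signer", x509.ExtKeyUsageCodeSigning)
	dbCert, dbKey := newSigner("database signer") // no EKU at all
	return verifyPackage(pkgCert, data, ed25519.Sign(pkgKey, data)),
		verifyPackage(dbCert, data, ed25519.Sign(dbKey, data))
}

func main() { fmt.Println(runDemo()) }
```

The database certificate's signature is cryptographically valid; it is rejected purely on the missing usage, which is the separation the thread asks for.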

