[arch-projects] [dbscripts][PATCH] Prepare to sign repo databases
Thomas Bächler
thomas at archlinux.org
Sun Nov 3 05:17:23 EST 2013
On 03.11.2013 11:03, Allan McRae wrote:
> If an attacker obtains any of our packagers' keys then they can sign a
> package. So by your logic we should not be signing packages.
>
> Also, this is the way every other distro signs their databases and
> packages. And they all use gpgv to verify packages which has no idea
> about a web of trust. This seems like something we should be able to
> achieve...
>
> Finally, I think signing databases is far more important than signing
> packages. The most practical attack on Arch is to become a mirror and
> hold back package updates with known vulnerabilities. Then you even
> know the IP addresses of people who have the vulnerable package. DB
> signing stops this as the entire database needs to be held back and people
> will notice the lack of updates.
I tend to fully agree with Allan here. We need to sign databases and the
risk of having the signing key on nymeria is smaller than you make it look.