Re: Archive signatures versus message digests



Hi Olav !

On Fri, 2011-12-16 at 15:20 +0100, Olav Vitters wrote:
> On Thu, Dec 15, 2011 at 04:51:02PM +0100, Guido Trentalancia wrote:
> > Also consider that Redhat, being a supplier of systems to the US
> > government, might have legal obligations towards it to use NSA or at
> > least NIST certified cryptographic equipment instead of uncertified
> > open-source software such as gpg (www.gnupg.de) that I had proposed to
> > you as an initial affordable solution fit for purpose of many home users
> > provided that gpg is in turn secure and provided that the algorithms
> > being used are secure enough.
> 
> Why does it matter what Red Hat legal obligations are? I say it once
> again: SHA256 is not there to provide security. GPG might be nice, not
> doing it at the moment, will be done at some point in future.

Excellent. I hope that point of future will come soon !

> > But if you really never heard anything like this before, then a good
> > introductory article for the general public is the following one:
> > 
> > http://www.bbc.co.uk/news/uk-england-gloucestershire-11475101
> > 
> > Of course other algorithms can be invented and created if those provided
> > at no cost by gpg do not suit your taste or if you can prove that they
> > are faulty or too weak.
> 
> I suggest looking into practical security instead of your theoretical
> stuff. Yeah GPG might have some added value. Practically speaking, with
> the current infrastructure at GNOME, it will provide a _false_ sense of
> security.
> 
> Please read https://lwn.net/Articles/467598/ to see how I work on
> security. Fixing the bigger problems, instead of minor things like GPG
> while leaving a big gaping door open.

Yes, excellent. Shell access for developers is craziness, as you noted. 

Developers shall only have the right to upload their tarball along with
its digital signature if the packages are signed by the developers or
otherwise just the tarball over a secure connection if the packages are
going to be signed automatically by a master (the paid sysadmin) on
his/her behalf by a script or periodic process or modified SCP/SFTP
server upon arrival of the tarball.

Developers can just use plain and simple SCP or SFTP and SSH is
completely disabled on the server.

Thanks very much for volunteering your time !

Kind regards,

Guido Trentalancia



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]