Re: Package authentication proposal
Stephen Early <sde1000@cam.ac.uk>, writes:
>
> This bit of text (written in NPML [no particular markup language])
> describes a system for ensuring that the packages we distribute are
> not tampered with between leaving the maintainer and arriving at the
> machine where they are to be installed.
It seems like a system that would certainly allow us to securely
automate uploads.
My only concern is that it would take a good bit of initial work
to have confidence in all of the signatures, and a good bit of work
to get all of the scripts &c set up. But probably worth it in the long haul.
> There is a 'validity' key, held online in dedicated secure
> hardware. This could be a separate, non-networked machine connected to
> a networked front-end machine (not necessarily dedicated) by a serial
> cable. It need not be securely connected to the primary ftp site.
This is the only part that I don't understand. What exactly does having the
machine being connected via serial cable rather than ethernet buy you?
It seems "more" secure, but still not secure. Whatever that is ;)
--
Carl Streeter | "Etiquette-wise, there is no proper time
streeter@cae.wisc.edu | to use the phrase 'It sucks.'" --Dogbert
Just another Perl hacker | "I'm a heartless bastard." --Linus Torvalds
Ask me about Debian/GNU Linux. | http://www.cae.wisc.edu/~streeter/