[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package authentication proposal

Stephen Early <sde1000@cam.ac.uk>, writes:
> This bit of text (written in NPML [no particular markup language])
> describes a system for ensuring that the packages we distribute are
> not tampered with between leaving the maintainer and arriving at the
> machine where they are to be installed.

It seems like a system that would certainly allow us to securely
automate uploads.

My only concern is that it would take a good bit of initial work
to have confidence in all of the signatures, and a good bit of work
to get all of the scripts &c set up.  But probably worth it in the long haul.

> There is a 'validity' key, held online in dedicated secure
> hardware. This could be a separate, non-networked machine connected to
> a networked front-end machine (not necessarily dedicated) by a serial
> cable. It need not be securely connected to the primary ftp site.

This is the only part that I don't understand.  What exactly does having the 
machine being connected via serial cable rather that ethernet buy you?
It seems "more" secure, but still not secure.  Whatever that is ;)

Carl Streeter                   |  "Etiquette-wise, there is no proper time 
streeter@cae.wisc.edu           |    to use the phrase 'It sucks.'" --Dogbert
Just another Perl hacker        |  "I'm a heartless bastard." --Linus Torvalds
Ask me about Debian/GNU Linux.  |    http://www.cae.wisc.edu/~streeter/

Reply to: