Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files

To: Oscar Levi <elf@buici.com>
Cc: Debian-Devel <debian-devel@lists.debian.org>
Subject: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Mon, 14 Dec 1998 14:15:21 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.981214141341.4746J-100000@wakko>
In-reply-to: <[🔎] 19981214130902.I17178@hazel.buici.com>

On Mon, 14 Dec 1998, Oscar Levi wrote:

> Agreed.  I believe I made the point before that bsign certs only make
> sense when the sysadmin trusts the signature.  I can see it being
> useful to have debian maintainers sign their binaries as part of a
> chain of trust.  The SA installs a package and resigns it with his own
> key after checking the existing signature against his copy of the
> debian keyring.  Sure, the debian signature is next to worthless, but
> it does establish an audit trail.  If someone's key is hacked we can
> find where that key was used to authenticate binaries and rout them.

We already have an auidt trail, it's called the .dsc file. If you get a
package that has hacked programs in it then we can match them against our
.deb and .dsc to see if they came from us, and see who uploaded them.
Individual file authentication is no better.

Jason

Reply to:

Follow-Ups:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Oscar Levi <elf@buici.com>

References:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Oscar Levi <elf@buici.com>

Prev by Date: Re: DPLs : what do you think about ...
Next by Date: Re: What I'd like to see in a project leader
Previous by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Next by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Index(es):
- Date
- Thread