Re: kernel.org compromised
On Fri, 02 Sep 2011, Philipp Kern wrote:
> On 2011-09-02, Henrique de Moraes Holschuh <firstname.lastname@example.org> wrote:
> > On Fri, 02 Sep 2011, Bastian Blank wrote:
> >> On Thu, Sep 01, 2011 at 06:05:01PM -0300, Henrique de Moraes Holschuh wrote:
> >> > Our kernels are not a problem. The Debian mirror in mirrors.kernel.org,
> >> > on the other hand... While the apt signature will protect users
> >> > downloading packages through the package manager, users that get binary
> >> > packages directly are not protected.
> >> The connection is not authenticated, so it makes no difference if you
> >> get modified stuff or if it is modified in transit.
> > Yeah, yeah. We've beaten that horse to death, and our side lost. I also
> > advocate that all debs should be signed, but that was not the will of the
> > ftp-masters the last time the issue was up for discussion.
> And we should get the archive signing key into a HSM.
We actually could if we wanted to, it is not that expensive. Whether it
would really help overall security or not is something that is not obvious.
Good two-factor autentication for logins would be a better first step,
though. As long as we ask the Fedora guys how well it is working for them,
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot