[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: leaks in our only-signed-software fortress

Am 18.02.2012 10:11, schrieb Teus Benschop:
To put things in perspective, I just wonder how strong this 'fortress'
really is, and whether this strength is only in our perception or
whether it is real. Let me give just one example: A developer downloads a tarball from an upstream source, configures it, and does make install, yet has not even once checked whether this tarball is secure or is not a
root kit.

This is true but...
a) this would be a general attack against all people, which are usually a tiny bit harder to do, then the local sysadmin just hacking colleagues.. b) as everyone is affected then (all users of the package),... there is a greater chance of notifying it

most important...
c) the ideal situation would of course be, that the maintainer has a good relationship to upstream, perhaps even met them in person, exchanged OpenPGP keys with them and uses those (or weaker means[0]) to verify every single download.


[0] Some projects secure their sites e.g. with X.509 certs by one of the commercial CAs.... I guess this is better than nothing, but many recent cases have shown us that the whole strict hierarchical trust model by X.509 is basically for trash.

Reply to: