Re: Remote signing of large files

To: debian-user@lists.debian.org
Subject: Re: Remote signing of large files
From: Tzafrir Cohen <tzafrir@cohens.org.il>
Date: Sat, 6 Dec 2008 18:43:50 +0000
Message-id: <[🔎] 20081206184350.GI5780@pear.tzafrir.org.il>
In-reply-to: <[🔎] 1228587672.26692.11.camel@localhost>
References: <[🔎] e040b520812040426i32e6c288r44115d36ee5c918@mail.gmail.com> <[🔎] 20081206033725.GB5850@osamu.debian.net> <[🔎] 493AAFE3.6060707@therning.org> <[🔎] 1228587672.26692.11.camel@localhost>

On Sat, Dec 06, 2008 at 08:21:12PM +0200, subscriptions wrote:
> 
> > On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
> > I'd feel a bit more safe if the signing could be done on a separate
> > server. However, the built files are large and I don't want to
> > introduce a bottle neck by transfering all files back and forth over
> > the network.
> 
> The above sentences describe a mutual exclusive proposition.
> 
> That is the problem!

Why? Tehcnically you just need the digest (e.g.: the .dsc file) to sign.
The signature technically only signs its content. If you don't trust the 
build system to provide you the correct information, how come you trust 
it not modify the package before signing (e.g.: add a 'rm -rf /*' in the 
prerm script).

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend

Reply to:

References:
- Remote signing of large files
  - From: "Magnus Therning" <magnus@therning.org>
- Re: Remote signing of large files
  - From: Osamu Aoki <osamu@debian.org>
- Re: Remote signing of large files
  - From: Magnus Therning <magnus@therning.org>
- Re: Remote signing of large files
  - From: subscriptions <subscriptions@rdegraaf.nl>

Prev by Date: Re: Fidre channel array
Next by Date: Re: xorg and fonts
Previous by thread: Re: Remote signing of large files
Next by thread: Re: Remote signing of large files
Index(es):
- Date
- Thread