https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #22 from Mark Wielaard <mark at klomp dot org> ---
(In reply to Ryan Goldberg from comment #21)
> (In reply to Mark Wielaard from comment #20)
> > But isn't the idea of checking the IMA signatures that you don't have to
> > trust the server providing the debuginfo files as the distro intended them?
> But this will allow for the case of a trusted server which only has some of
> its RPMs per-file signed. Take for instance a server which has the RPMs for
> f36,37,38. The f36 files don't have signatures so using enforcing here is
> too strict since we are ok just letting a client know that these ones are
> unverifiable, but we still want to be able to reject any of the invalid ones
> for f38

This still feels odd, since you cannot distinguish between non-sig f36
packages (okish?) and non-sig f38 packages (bad?). I think you have to
either trust or reject all non-sig packages from such a server.

> > So both are bad in some way. Which imho means that if we support some kind
> > of permissive mode, then it should explicitly warn for both kinds of
> > badness.
> In the permissive mode you'll get:
> * "the signature is valid" for valid sigs
> * "ALERT: this download is being rejected since the IMA signature could not
>   be verified" for invalid sigs
> * "the signature could not be verified" otherwise

I'll look at the code to see if I understand what this means in practice.
Are those the messages presented to the user (in verbose mode? always?).
And does this mean all three cases warn (or only the second and third)?
And is it just a message or does it also mean actual rejection in some cases?

> So we do warn for both kinds of bad, we just don't reject the 'unknown' bad

But how is 'unknown' bad different from invalid signature bad? I think you
should assume that if there is no signature, then the signature is by
definition invalid (assume it has a signature of
00000000000000000000000000000000).