On Wed, Oct 10, 2012 at 7:53 PM, Ian Holsman <[email protected]> wrote:
> On Oct 11, 2012, at 10:44 AM, Greg Stein <[email protected]> wrote:
>> (assume secure Infrastructure)
>
> That's a pretty big assumption isn't it?

Empirically, we've had break-ins, so we can assume it will happen again. But now you're talking that somebody has to change the svn/dist system to install new tarballs and new checksums. Without being noticed once control is regained.

> There have been public instances where open source infrastructures have been
> hacked, and releases have been messed with.
>
> I think keys removes the need for the assumption.

Not too much. We still instruct users "take the signatures and verify them against blah.apache.org/KEYS". John Blackhat could replace the signatures and install his entry into KEYS.

I still see no need for key-based signing here :-)

Cheers,
-g
