Andrew Muraco posted <[EMAIL PROTECTED]>, excerpted below, on Tue, 10 Jan 2006 23:57:43 -0500:
> The method described here would also open up the opportunity for "fake"
> enterprise trees, without having something to double check that the tree
> that we have is indeed the one that is wanted, it would be possible for a
> hacked rsync server (or a bogus one) to host the enterprise (stable) trees
> with extra ebuilds which could compromise security (/me thinks of emails
> warning about Microsoft's patches and links which point to infectious
> websites.)

Remember, portage already has a decent amount of signed content verification built in, and is getting more. Just because it's not currently used, as the debate on strength and keyring handling hasn't been settled, doesn't mean the capacity doesn't exist.

At this point it should be possible to develop a working enterprise security model along with the enterprise proposal and tree. Spec it out, put the keys in a special dir on a read-only mounted partition, and it'll be pretty hard to fake it on the fly, at least.

IOW, while it's certainly an issue that needs to be addressed, I'd consider it no worse than anything else on the list, and probably relatively minor compared to some of the other hurdles to be cleared on the way to a decent enterprise Gentoo. I believe the biggest hurdles will be finding the folks to do it and coordinating them to actually get and keep it going.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html

--
gentoo-dev@gentoo.org mailing list