On 03/29/2015 06:41 PM, Sebastian Pipping wrote:
> Hi!
> 

...

> 
> * Why do we serve Git over git:// and http:// if those are
> vulnerable to man-in-the-middle attacks (before having waterproof
> GPG protection for whole repositories in place)?

<pedant>OpenPGP (GPG is just one implementation)</pedant>, but indeed,
that is what the gentoo-keys project is about. There is experimental
support for OpenPGP verification in portage already using gkeys.
Currently the focus is on getting developers' keys up to GLEP63 specs;
I currently see 36 good Gentoo developer keys. The scheme is also
flexible enough to allow for overlays.

> Especially with ebuilds run by root, we cannot afford MITM.
> 
> 
> So I would like to propose that
> 
> * support for Git access through https:// is activated,

https is not a good protection against MITM when factoring in global
PKIX CA setup, nor would it protect with regards to server compromise.
So the only viable way to secure ebuild repositories is proper OpenPGP
usage.


-- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3