
List:       gentoo-dev
Subject:    Re: [gentoo-dev] 2004.1 will not include a secure portage.
From:       Paul de Vrieze <pauldv () gentoo ! org>
Date:       2004-03-27 13:14:23
Message-ID: 200403271414.24414.pauldv () gentoo ! org

On Saturday 27 March 2004 04:28, Andrew Cowie wrote:
> On Wed, 2004-03-24 at 16:07, Chris Bainbridge wrote:
> >   c) for each signature in .secure/*.asc check whether it's in the ACL
> > list, then call `gpg --verify .secure/sig.asc .secure/hash` to verify it.
> > We can set auto-key-retrieve in case we don't already have the key.
>
> Something that I've been trying to figure out in this whole discussion
> of rapidly expiring keys is what happens to machines that don't have
> at-will access to the public internet:
>
> .. a disconnected machine (like a laptop) who is away from the internet
> for days or weeks at a time, or

At the moment of syncing, a timestamp is stored which is used to determine 
the validity of the key. The condition for this to work is that the local 
machine is not compromised. But if it were, all odds would be off anyway.

> .. a server node that doesn't get its packages from the net at all, but
> rather is part of a production farm which gets its updates from some
> local mirror/build machine only when the site administrators make
> a new local set of packages available to that server farm.

The timestamp needs to be made available to the client machines, or (more 
likely) the server provides its own list of allowed keys, possibly including 
local administrators' keys. A local list requires a configuration option that 
specifies an alternative key that can override the Gentoo-provided 
signatures.

> What happens in those scenarios?

See above.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[Attachment #3 (application/pgp-signature)]
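The policy Paul sketches above (verify every .secure/*.asc with gpg, require the signer to be in an ACL or in a local administrators' override list, and judge key validity against the timestamp recorded at the last sync rather than the wall clock) can be expressed as a small check on gpg's --status-fd output. The block below is an added example, not code from the thread or from Portage. It assumes a fingerprint-set ACL, a local override set and an epoch-seconds sync timestamp (all hypothetical representations); the key listing and status lines follow GnuPG's documented colon and status formats, but every sample here is constructed, not real output.

```python
"""Tree-signature policy check modelled on the scheme discussed on gentoo-dev.

Each .secure/*.asc is run through gpg with --status-fd; the report is then
checked against an ACL (plus a local admin override list), and the signing
key's validity is judged at the recorded sync instant, so a laptop that has
been offline for weeks still accepts a tree whose key was valid when fetched.
All data below is constructed sample input.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed sample: two keys as 'gpg --with-colons --list-keys' prints them
# (field 5 = key id, field 6 = created, field 7 = expires; gpg2 prints both
# as epoch seconds). The first key lives one week (2004-03-20 to 2004-03-27),
# modelling the rapidly expiring keys the thread worries about.
SAMPLE_KEYLIST = """\
pub:u:2048:1:A1B2C3D4E5F60708:1079740800:1080345600::u:::scSC::::::
fpr:::::::::0123456789ABCDEF0123456789ABCDEFA1B2C3D4E5F60708:
pub:u:2048:1:1122334455667788:1070000000::::u:::scSC::::::
fpr:::::::::FEDCBA9876543210FEDCBA98765432101122334455667788:
"""

# Assumed ACL shipped with the tree: fingerprints allowed to sign it.
TREE_ACL: Set[str] = {"0123456789ABCDEF0123456789ABCDEFA1B2C3D4E5F60708"}
# Assumed local configuration: site administrators' keys that may override
# the Gentoo-provided ACL (empty on an ordinary machine).
LOCAL_OVERRIDE: Set[str] = set()
# Assumed: epoch seconds written by the sync step (2004-03-23, key still valid).
SYNC_TIMESTAMP = 1080000000

# Constructed gpg --status-fd reports for three .asc files. gpg judges expiry
# by the wall clock, so weeks after the sync it reports EXPKEYSIG for the
# first signature even though the signature itself is cryptographically good
# (VALIDSIG is still emitted in that case).
STATUS_EXPIRED_KEY = """\
[GNUPG:] EXPKEYSIG A1B2C3D4E5F60708 Tree Signer (constructed) <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEFA1B2C3D4E5F60708 2004-03-22 1079913600 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEFA1B2C3D4E5F60708
"""
STATUS_UNLISTED_SIGNER = """\
[GNUPG:] GOODSIG 1122334455667788 Someone Else (constructed) <else@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA98765432101122334455667788 2004-03-22 1079913600 0 4 0 1 10 00 FEDCBA9876543210FEDCBA98765432101122334455667788
"""
STATUS_BAD = """\
[GNUPG:] BADSIG A1B2C3D4E5F60708 Tree Signer (constructed) <signer@example.invalid>
"""


@dataclass
class KeyInfo:
    keyid: str
    created: int
    expires: Optional[int]  # None: key never expires


def parse_keylist(text: str) -> Dict[str, KeyInfo]:
    """Map fingerprint -> KeyInfo from a colon-format key listing."""
    keys: Dict[str, KeyInfo] = {}
    current: Optional[KeyInfo] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = KeyInfo(f[4], int(f[5]), int(f[6]) if f[6] else None)
        elif f[0] == "fpr" and current is not None:
            keys[f[9]] = current
            current = None
    return keys


def key_valid_at(info: KeyInfo, when: int) -> bool:
    """Validity judged at a chosen instant (the sync time), not at 'now'."""
    return info.created <= when and (info.expires is None or when < info.expires)


# VALIDSIG <fingerprint> <sig-date> <sig-timestamp> <expire-ts> <version> ...
VALIDSIG_RE = re.compile(r"^\[GNUPG:\] VALIDSIG (\w+) \S+ (\d+) ")


def check_signature(status: str, keys: Dict[str, KeyInfo], acl: Set[str],
                    override: Set[str], sync_ts: int) -> Tuple[bool, str]:
    """Decide whether one gpg --status-fd report satisfies the policy."""
    lines = status.splitlines()
    if any(l.startswith("[GNUPG:] BADSIG") for l in lines):
        return False, "bad signature"
    m = next((VALIDSIG_RE.match(l) for l in lines
              if l.startswith("[GNUPG:] VALIDSIG")), None)
    if m is None:
        return False, "no valid signature"
    fpr, sig_ts = m.group(1), int(m.group(2))
    if fpr not in acl and fpr not in override:
        return False, "signer not in ACL"
    info = keys.get(fpr)
    if info is None:
        return False, "signer key not in keyring"
    # Key must have been valid both when it signed and at the recorded sync.
    if not key_valid_at(info, sig_ts) or not key_valid_at(info, sync_ts):
        return False, "key not valid at signing or sync time"
    return True, "ok"


if __name__ == "__main__":
    keys = parse_keylist(SAMPLE_KEYLIST)
    for name, status in (("expired-key", STATUS_EXPIRED_KEY),
                         ("unlisted", STATUS_UNLISTED_SIGNER),
                         ("bad", STATUS_BAD)):
        print(name, check_signature(status, keys, TREE_ACL, LOCAL_OVERRIDE, SYNC_TIMESTAMP))
```

The first report is accepted although gpg flagged the key as expired, because the key was valid at signing time and at the recorded sync; moving the sync timestamp past the expiry rejects it, and adding the second signer's fingerprint to LOCAL_OVERRIDE is what the "alternative key that can override the Gentoo-provided signatures" option would do. If gpg itself should do the expiry check against the stored instant instead of the clock, its `--faked-system-time` option can be given the recorded epoch; the example keeps that decision in the calling code so the policy is explicit.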