List: kde-devel
Subject: Re: digital signatures for kde sources?
From: Scott Kitterman <kde () kitterman ! com>
Date: 2010-05-26 10:10:40
Message-ID: dcec8bad-499f-4ed2-b377-6b547613fdf2 () email ! android ! com
"Joanna Rutkowska" <joanna@invisiblethingslab.com> wrote:
> On 05/26/2010 03:49 AM, Scott Kitterman wrote:
> > > Instead of having just one private key, it would be much better for
> > > every committer/release-manager or whoever is responsible for building
> > > the stable tarballs, to generate their own private key and use it for
> > > signing. Then, there should be one "master signing key" that would be
> > > kept on some safe machine (perhaps used just for the purpose of
> > > generating and using this key) and which would be used to sign all the
> > > "authorized" developers keys. This key (the public portion) would be
> > > published on kde.org website, and you can also send it to kde-devel
> > > list, to make it possible for people to obtain it from 2 different
> > > sources (I guess kde-devel is widely mirrored over internet, so it would
> > > not be feasible for the attacker to subvert this public key in all the
> > > places). Perhaps only the top 2 or 3 most trusted KDE developers (I'm
> > > sorry I don't know the management structure of the project) should have
> > > access to the master signing key.
> > >
> > Speaking as an Ubuntu packager, we maintain in transit assurance of
> > package integrity by retrieving the tarballs via sftp. If someone
> > can MITM my SSH session, then there's a lot better things they can
> > do with it than modify KDE tarballs in transit.
> >
>
> That's certainly better than relying on the SHA1 hash embedded in the
> plaintext HTML page. But it still doesn't help if somebody compromised
> KDE's ftp server. You might comfort yourself that this is unlikely to
> happen, but the reality is simply different ...
Which is why I specified in transit assurance. I agree signing would be better, but thought it reasonable to point out that at least part of the problem had a reasonable solution in place already.
Scott K
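The two-tier scheme proposed earlier in the thread (a master key kept on an isolated machine that certifies each release manager's own signing key, and packagers who trust only the published master public key), as an added example that is not part of this thread or of KDE's infrastructure. It uses Ed25519 from the Go standard library; the certificate format, function names and the stand-in tarball bytes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DevCert: the master key's signature over a developer key (format is an assumption).
type DevCert struct {
	Name      string
	PubKey    ed25519.PublicKey
	MasterSig []byte
}

func certMessage(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("kde-developer:"+name+":"), pub...)
}

func IssueCert(masterPriv ed25519.PrivateKey, name string, devPub ed25519.PublicKey) DevCert { // master-key machine only
	return DevCert{name, devPub, ed25519.Sign(masterPriv, certMessage(name, devPub))}
}

// SignTarball: each release manager signs the SHA-256 of the tarball with their own key.
func SignTarball(devPriv ed25519.PrivateKey, tarball []byte) []byte {
	h := sha256.Sum256(tarball)
	return ed25519.Sign(devPriv, h[:])
}

// VerifyRelease is what a packager runs, trusting only the published master public key.
func VerifyRelease(masterPub ed25519.PublicKey, cert DevCert, tarball, sig []byte) bool {
	if !ed25519.Verify(masterPub, certMessage(cert.Name, cert.PubKey), cert.MasterSig) {
		return false // signer's key was never certified by the master key
	}
	h := sha256.Sum256(tarball)
	return ed25519.Verify(cert.PubKey, h[:], sig)
}

func main() {
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := IssueCert(masterPriv, "release-manager", devPub)
	tarball := []byte("constructed stand-in for a KDE release tarball")
	sig := SignTarball(devPriv, tarball)
	fmt.Println("genuine release:", VerifyRelease(masterPub, cert, tarball, sig))
	fmt.Println("tampered tarball:", VerifyRelease(masterPub, cert, []byte("trojaned"), sig))
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // never certified by master
	rogue := DevCert{"rogue", roguePub, cert.MasterSig}
	fmt.Println("uncertified signer:", VerifyRelease(masterPub, rogue, tarball, SignTarball(roguePriv, tarball)))
}
```

A swapped tarball on a compromised server fails the second check, and a signature from a key the master never certified fails the first, even if the master's signature over some other key is attached to it.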