Time to resurrect multi-key signatures in RPM?
Les Mikesell
lesmikesell at gmail.com
Wed Aug 27 19:16:36 UTC 2008
Jeff Spaleta wrote:
> On Wed, Aug 27, 2008 at 5:52 AM, Bojan Smojver <bojan at rexursive.com> wrote:
>> Well, just because we base our build comparisons right now on something as crude
>> as raw checksums, doesn't mean this has to be like that forever. We may find
>> ways of comparing builds differently to determine if they were compromised, by
>> explicitly excluding well known differences within binaries.
>
> How about you back up and just work on this very specific problem of
> deterministically doing build comparisons across disparate build
> systems ..before we even begin to discuss how a multiple sigantory
> process which relies on that.
Virtual machines, virtually identical as starting points? But what if
it is the src rpm that is compromised so the builds will be identical
because they both contain the modification? Now you need to have the
packager verify again that the source that produced the 2 builds had
only the changes he intended.
And if you are really paranoid you have to wonder about the compiler and
any existing libraries too: http://cm.bell-labs.com/who/ken/trust.html.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-devel-list
mailing list