Time to resurrect multi-key signatures in RPM?
Les Mikesell
lesmikesell at gmail.com
Wed Aug 27 23:41:33 UTC 2008
Bojan Smojver wrote:
>
>
>> But what if
>> it is the src rpm that is compromised so the builds will be identical
>> because they both contain the modification?
>
> That is not exactly the compromise of the build system and/or Fedora key, now is
> it?
Is one significantly harder than the other? If it goes unnoticed the end
result could be the same.
> If your own contributors are subverting the system by uploading borked
> source, the multi-key system isn't going to help (and I never claimed that).
I'm not proposing an intentional trojan source submission, but a
compromise that modifies it in an unexpected way. I'd think if you go to
the trouble to compare builds you'd also want an end-to-end validity
check on the input to be sure it wasn't compromised either at the source
or in transit.
--
Les Mikesell
lesmikesell at gmail.com