(non) automatic signing (was: Updates System)

Axel Thimm Axel.Thimm at ATrpms.net
Wed May 16 18:52:14 UTC 2007


On Wed, May 16, 2007 at 07:08:09PM +0200, Nicolas Mailhot wrote:
> Le mercredi 16 mai 2007 à 11:18 -0500, Josh Boyer a écrit :
> > On Wed, 2007-05-16 at 09:02 -0700, Chris Weyl wrote:
> > > 
> > > * a "make push" command that could be run to push a package w/o any
> > > manual intervention.  For most packages, a "make tag build push" would
> > > suffice, and the world wouldn't come to an end.
> > 
> > That should never happen for updates.  Packages are signed and you need
> > a human to sign them.  Automating the signing process is absurd because
> > if that's done, there is no point in signing things anyway.
> 
> Of course there is.

> [...]

I was just going to write what Nicolas did. In fact even to the
letter. Maybe we are twin brothers after all and our parents lied to
us ;)

Anyway, to add something to the discussion: ATrpms has done automated
signing since the beginning, and according to the logic "If someone
compromises the signing system it doesn't matter if he retrieves a
passphrase-less key or waits until he sniffs the passphrase off my
fingers" it is really not helping to slow down the process by manual
signing.

In fact one could even argue that automated signing is more secure
than manual: In the automated signing setup, the attacker needs to
hack into one system. In the manual setup, he can choose between the
signing server and my laptop. More choices for the attacker means more
possible entry points.
-- 
Axel.Thimm at ATrpms.net