[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Mon, 08 Dec 2003 08:33:46 +1100 |
On Mon, 2003-12-08 at 08:12, Karel Gardas wrote:
> > `get' doesn't check signatures in this proposal. My reasoning is that
> > while the archive host is going to have public keys (somewhere outside
> > of where arch itself can touch them) clients running `get' generally
> > won't.
>
> Oops, either I don't understand, or if I understand, that's IMHO no
> security at all. IMHO get _needs_ to verify signatures.
The immediate goal for GPG support, is to allow archive integrity checks
post-server-compromise - see the message from RMS in Tom's post.
Thus, having tla get check the signatures is orthogonal to the immediate
goal.
That said, having get check the signatures makes sense as a phase 2
implementation.
For users wanting to gpg check in phase 1, it's easy: archive-mirror to
the local disk, with copying signatures enabled. Then run the integrity
checking script tom proposed.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, (continued)
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Mraz, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Andrew Suffield, 2003/12/08
Re: [Gnu-arch-users] crypto sigs and _Encryption_ for arch, Paul Hedderly, 2003/12/09
crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07