Re: Checking signatures on source tarballs

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Checking signatures on source tarballs

From:	Leo Famulari
Subject:	Re: Checking signatures on source tarballs
Date:	Wed, 07 Oct 2015 14:05:32 -0400

On Wed, Oct 7, 2015, at 10:09, Mark H Weaver wrote:
> > address@hidden (Ludovic Courtès) writes:
> > Most of the time the authentication model is trust-on-first-download:
> > The packager fetches upstream’s public key when they first download a
> > tarball (so this particular phase is subject to MiTM), and subsequent
> > downloads are checked against the key that’s already in the packager’s
> > keyring.
> 
> Right, and every time the package is updated, that's another opportunity
> for a MiTM attack.  My proposal would fix that problem.  It would also
> allow MiTM attacks to be detected later, because the bad key would be
> recorded in our git repository for all to see.

I have been wondering about this issue as I created package and I share
Mark's concern. The current system relies on packagers to get it right
for every update.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 2/4] emacs: Add 'guix-devel-download-package-source'., (continued)

Prev by Date: Re: [PATCH] 11 little Ruby gems.
Next by Date: Re: Checking signatures on source tarballs
Previous by thread: Re: Checking signatures on source tarballs
Next by thread: Re: Checking signatures on source tarballs
Index(es):
- Date
- Thread