Git development
 help / color / mirror / Atom feed
From: Joseph Parmelee <jparmele@wildbear.com>
To: Ted Ts'o <tytso@mit.edu>
Cc: "Junio C Hamano" <gitster@pobox.com>, "Jeff King" <peff@peff.net>,
	"Carlos Martín Nieto" <cmn@elego.de>,
	"Olsen, Alan R" <alan.r.olsen@intel.com>,
	"Michael Witten" <mfwitten@gmail.com>,
	"git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Lack of detached signatures
Date: Thu, 29 Sep 2011 10:47:30 -0600 (CST)	[thread overview]
Message-ID: <alpine.LNX.2.00.1109291013220.29373@bruno> (raw)
In-Reply-To: <20110929131845.GQ19250@thunk.org>




On Thu, 29 Sep 2011, Ted Ts'o wrote:

> On Wed, Sep 28, 2011 at 08:50:49PM -0700, Junio C Hamano wrote:
>>
>> I was actually more worried about helping consumers convince themselves
>> that thusly signed keys indeed belong to producers like Linus, Peter,
>> etc. There are those who worry that DNS record to code.google.com/ for
>> them may point at an evil place to give them rogue download material.
>> "Here are the keys you can verify our trees with" message on the mailing
>> list, even with the message is signed with GPG, would not be satisfactory
>> to them.
>
> What do you mean by "consumers" in this context?  Most end users don't
> actually download tarballs from www.kernel.org or code.google.com!  :-)
>
> If you mean developers at Linux distributions Red Hat, SuSE, or
> Handset manufacturers such as Samsung, HTC, Motorola, etc., there will
> be many of those reprsenatives at LinuxCon Europe and CELF (Consumer
> Electronics Linux Forum) Europe conferences, which will be colocated
> with the Kernel Summit in Prague.
>
> If you are thinking of random developers located in far-flung places
> of the world who don't have any contact with other Linux developers,
> this is a previously unsolved problem.  There are links into the
> developing Kernel GPG tree that are signed by the GPG web trust used
> by Debian, OpenSuSE, and (soon) Fedora.  Given that people generally
> have to trust one or more of those web of trusts, that's the best we
> can do, at least as far as I know.  If you can suggest something
> better, please let me know!
>
>
> 						- Ted
>

Also included is distro developers that gen custom distros for limited
corporate use on specific hardware, and anyone else that is sufficiently
concerned about security and/or survivability that they prefer/need to build
from the upstream source.

As far as accepting public keys, a key obtained from the key servers and
signed by others, while not perfect, is vastly superior to nothing at all. 
I am located in the mountains of Costa Rica.  Over the years I have
collected a fair number of public keys making it very difficult for bad guys
to fake both a public key and all the signatures too, even though I can't
travel to a "key signing party" which would of course be better.

Even if we have to change all the keys now its going to be risky but still
vastly better than nothing.  I would hope that a new key would be signed by
an existing valid private key as well as newly issued keys.  This would
reassure people like me who have a substantial stash of old but valid public
keys, while at the same time thwarting bad guys who can fake only those old
signatures for which they have stolen valid private keys.

Joseph

  parent reply	other threads:[~2011-09-29 16:47 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-27 23:48 Lack of detached signatures Joseph Parmelee
2011-09-28  0:03 ` Junio C Hamano
2011-09-28  0:07   ` Michael Witten
2011-09-28  4:17     ` Olsen, Alan R
2011-09-28  7:41       ` Carlos Martín Nieto
2011-09-28 12:36         ` Joseph Parmelee
2011-09-28 16:45           ` Junio C Hamano
2011-09-28 16:55             ` Michael Witten
2011-09-28 16:59             ` Matthieu Moy
2011-09-28 22:25             ` Jeff King
2011-09-28 23:09               ` Ted Ts'o
2011-09-29  0:28                 ` Junio C Hamano
2011-09-29  1:59                   ` Ted Ts'o
2011-09-29  3:50                     ` Junio C Hamano
2011-09-29 13:18                       ` Ted Ts'o
2011-09-29 14:40                         ` Sverre Rabbelier
2011-09-29 14:50                           ` Ted Ts'o
2011-09-29 14:52                             ` Sverre Rabbelier
2011-09-29 16:47                         ` Joseph Parmelee [this message]
2011-09-29  1:29                 ` Joseph Parmelee
2011-09-29  1:41                 ` Jeff King
2011-09-29 20:31                 ` Olsen, Alan R
2011-09-28 22:40             ` Joseph Parmelee
2011-09-28 17:03       ` Ben Walton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LNX.2.00.1109291013220.29373@bruno \
    --to=jparmele@wildbear.com \
    --cc=alan.r.olsen@intel.com \
    --cc=cmn@elego.de \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=mfwitten@gmail.com \
    --cc=peff@peff.net \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox