* kernel.org frontpage
From: H. Peter Anvin @ 2003-01-29 5:40 UTC
To: linux-kernel

Just in case anyone cares :) I have changed the kernel.org frontpage
from linking to .gz to linking to .bz2 files. It should now also
display snapshot releases if they exist.

-hpa

--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt <amsp@zytor.com>

* Re: kernel.org frontpage
From: John Bradford @ 2003-01-29 9:47 UTC
To: H. Peter Anvin; +Cc: linux-kernel

> Just in case anyone cares :) I have changed the kernel.org frontpage
> from linking to .gz to linking to .bz2 files. It should now also
> display snapshot releases if they exist.

Cool, would it be worth putting in a link to the relevant .sign files
as well?

John

* Re: kernel.org frontpage
From: H. Peter Anvin @ 2003-01-29 9:52 UTC
To: John Bradford; +Cc: linux-kernel

John Bradford wrote:
>>Just in case anyone cares :) I have changed the kernel.org frontpage
>>from linking to .gz to linking to .bz2 files. It should now also
>>display snapshot releases if they exist.
>
> Cool, would it be worth putting in a link to the relevant .sign files
> as well?

No, it would add absolutely nothing (other than clutter.) All the .sign
files are good for is to check for rogue mirrors.

-hpa

* Re: kernel.org frontpage
From: Valdis.Kletnieks @ 2003-01-29 15:09 UTC
To: H. Peter Anvin; +Cc: John Bradford, linux-kernel

On Wed, 29 Jan 2003 01:52:43 PST, "H. Peter Anvin" said:

> No, it would add absolutely nothing (other than clutter.) All the .sign
> files are good for is to check for rogue mirrors.

Or a rogue *primary* site, as has already happened to OpenSSH and Sendmail.

* Re: kernel.org frontpage
From: H. Peter Anvin @ 2003-01-29 18:13 UTC
To: Valdis.Kletnieks; +Cc: John Bradford, linux-kernel

Valdis.Kletnieks@vt.edu wrote:
> On Wed, 29 Jan 2003 01:52:43 PST, "H. Peter Anvin" said:
>
>>No, it would add absolutely nothing (other than clutter.) All the .sign
>>files are good for is to check for rogue mirrors.
>
> Or a rogue *primary* site, as has already happened to OpenSSH and Sendmail.

NO!

THE SIGN FILES DO NOT VERIFY AGAINST A COMPROMISED KERNEL.ORG MASTER SITE.

-hpa

* Re: kernel.org frontpage
From: Chris Friesen @ 2003-01-29 18:36 UTC
To: H. Peter Anvin; +Cc: Valdis.Kletnieks, John Bradford, linux-kernel

H. Peter Anvin wrote:
> Valdis.Kletnieks@vt.edu wrote:
>
>> On Wed, 29 Jan 2003 01:52:43 PST, "H. Peter Anvin" said:
>>
>>> No, it would add absolutely nothing (other than clutter.) All the
>>> .sign files are good for is to check for rogue mirrors.
>>
>> Or a rogue *primary* site, as has already happened to OpenSSH and
>> Sendmail.
>
> NO!
>
> THE SIGN FILES DO NOT VERIFY AGAINST A COMPROMISED KERNEL.ORG MASTER SITE.

Perhaps for the truly paranoid the signatures should be posted to this
newsgroup and digitally signed by someone trusted.

Chris

--
Chris Friesen             | MailStop: 043/33/F10
Nortel Networks           | work: (613) 765-0557
3500 Carling Avenue       | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com

* Re: kernel.org frontpage
From: Valdis.Kletnieks @ 2003-01-29 18:55 UTC
To: Chris Friesen; +Cc: linux-kernel

On Wed, 29 Jan 2003 13:36:55 EST, Chris Friesen said:

> Perhaps for the truly paranoid the signatures should be posted to this
> newsgroup and digitally signed by someone trusted.

It's called the PGP web of trust. There's already some 107 signatures on
the PGP key - who else would you want signing it?

The point is that we've already (presumably) proved via the web-of-trust
that PGP key 517d0f0e is in fact the proper key, and that for an intruder
to post a valid signature of a trojaned .tar.gz would require them to
*ALSO* compromise the machine that the signing is done on (hopefully a
different machine than ftp.kernel.org).

Yes, an intruder could leave a forged signature with a random key
easily. But to leave a forged signature with the key that's already
on my keyring is a lot harder...

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

* Re: kernel.org frontpage
From: Russell King @ 2003-01-29 19:37 UTC
To: Valdis.Kletnieks; +Cc: Chris Friesen, linux-kernel

On Wed, Jan 29, 2003 at 01:55:22PM -0500, Valdis.Kletnieks@vt.edu wrote:
> Yes, an intruder could leave a forged signature with a random key
> easily. But to leave a forged signature with the key that's already
> on my keyring is a lot harder...

I believe a script signs the files on ftp.kernel.org, which means the
private key is on the master machine, probably without a pass phrase.
That means that if the master server is compromised, it's highly likely
that a rogue file will have a correct signature.

As hpa says, the GPG signature provides no assurance that Linus put up
patch-2.5.60.bz2 and not some random other person.

The only way to be completely sure is for Linus to gpg-sign the patches
himself at source with a known gpg key using a secure pass phrase before
they leave his machine (preferably before the machine is connected to the
'net to upload them for the really paranoid.)

--
Russell King (rmk@arm.linux.org.uk)
The developer of ARM Linux
http://www.arm.linux.org.uk/personal/aboutme.html

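The distinction drawn in the two messages above (any good signature versus a good signature from the key already on your keyring), as an added shell example that is not part of the original thread or of kernel.org's tooling. It takes the accept/reject decision from GnuPG's `--status-fd` lines; the function names, fingerprints and status lines are constructed for illustration. As Russell King's message points out, passing this check still says nothing about who controlled the machine that holds the private key.

```sh
#!/bin/sh
# Added example; the fingerprints and status lines are constructed samples.
PIN=0123456789ABCDEF0123456789ABCDEF01234567    # key you already trust
OTHER=89ABCDEF0123456789ABCDEF0123456789ABCDEF  # some other key on the keyring

# pinned_sig_ok FPR: read `gpg --status-fd` output on stdin; succeed only if
# a valid signature was made by the key (or a subkey of the primary key) FPR.
pinned_sig_ok() {
    # Require a full 40-hex fingerprint; an 8-digit short key ID is too
    # weak to pin on and is rejected.
    case "$1" in ''|*[!0-9A-Fa-f]*) return 2 ;; esac
    [ "${#1}" -eq 40 ] || return 2
    awk -v pin="$1" '
        BEGIN { pin = toupper(pin) }
        $1 != "[GNUPG:]" { next }
        # VALIDSIG: field 3 is the signing key, last field the primary key.
        $2 == "VALIDSIG" && (toupper($3) == pin || toupper($NF) == pin) { ok = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release FPR SIGFILE DATAFILE: check a detached .sign file.
# gpg exits 0 for a good signature from ANY key it holds, so the decision
# is taken from the status lines instead of gpg's exit code.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | pinned_sig_ok "$1"
}

status_pinned() {       # good signature from the pinned key
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Release Key <release@example.org>
[GNUPG:] VALIDSIG $PIN 2003-01-29 1043819200 0 4 0 17 2 00 $PIN
EOF
}

status_other_key() {    # equally "good" signature, but from a different key
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Other Key <other@example.org>
[GNUPG:] VALIDSIG $OTHER 2003-01-29 1043819200 0 4 0 17 2 00 $OTHER
EOF
}

status_tampered() {     # file changed after signing
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Release Key <release@example.org>
EOF
}
```
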
* Re: kernel.org frontpage
From: Valdis.Kletnieks @ 2003-01-29 19:49 UTC
To: Russell King; +Cc: linux-kernel

On Wed, 29 Jan 2003 19:37:50 GMT, Russell King said:

> I believe a script signs the files on ftp.kernel.org, which means the
> private key is on the master machine, probably without a pass phrase.
> That means that if the master server is compromised, it's highly likely
> that a rogue file will have a correct signature.

OK.. I missed that part, and thought somebody was doing a check-and-balance
before files went out.

> The only way to be completely sure is for Linus to gpg-sign the patches
> himself at source with a known gpg key using a secure pass phrase before

Now there's a thought.. ;)

* Re: kernel.org frontpage
From: John Bradford @ 2003-01-29 19:14 UTC
To: Valdis.Kletnieks; +Cc: hpa, linux-kernel

> > No, it would add absolutely nothing (other than clutter.) All the .sign
> > files are good for is to check for rogue mirrors.
>
> Or a rogue *primary* site, as has already happened to OpenSSH and Sendmail.

I see what you mean, but I don't see how it makes it any less useful
to have them on the front page - if you download the latest kernel
patch from a mirror, you could then just click on the relevant link on
the front page of kernel.org - in fact, as http access to kernel.org is
frequently much slower than ftp, it might actually be very useful,
because anybody downloading via http would make two requests, (OK,
about 7, because of the images on the front page), instead of about
13, if they traverse each directory to the .sign file.

John

* Re: kernel.org frontpage
From: Valdis.Kletnieks @ 2003-01-29 19:20 UTC
To: John Bradford; +Cc: hpa, linux-kernel

On Wed, 29 Jan 2003 19:14:43 GMT, John Bradford said:

> I see what you mean, but I don't see how it makes it any less useful
> to have them on the front page - if you download the latest kernel
> patch from a mirror, you could then just click on the relevant link on
> the front page of kernel.org - in fact, as http access to kernel.org is
> frequently much slower than ftp, it might actually be very useful,
> because anybody downloading via http would make two requests, (OK,
> about 7, because of the images on the front page), instead of about
> 13, if they traverse each directory to the .sign file.

I was arguing that they *should* be on the front page, since they *are*
useful and it *would* lower the number of requests.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

* Re: kernel.org frontpage
From: H. Peter Anvin @ 2003-01-29 19:30 UTC
To: Valdis.Kletnieks; +Cc: John Bradford, linux-kernel

Valdis.Kletnieks@vt.edu wrote:
> On Wed, 29 Jan 2003 19:14:43 GMT, John Bradford said:
>
>>I see what you mean, but I don't see how it makes it any less useful
>>to have them on the front page - if you download the latest kernel
>>patch from a mirror, you could then just click on the relevant link on
>>the front page of kernel.org - in fact, as http access to kernel.org is
>>frequently much slower than ftp, it might actually be very useful,
>>because anybody downloading via http would make two requests, (OK,
>>about 7, because of the images on the front page), instead of about
>>13, if they traverse each directory to the .sign file.
>
> I was arguing that they *should* be on the front page, since they *are*
> useful and it *would* lower the number of requests.
>

I am not going to do something that will provide false security to
people. Case closed; please read the signature FAQ.

-hpa

* Re: kernel.org frontpage
From: Hans Reiser @ 2003-01-30 10:55 UTC
To: H. Peter Anvin; +Cc: Valdis.Kletnieks, John Bradford, linux-kernel

H. Peter Anvin wrote:

>I am not going to do something that will provide false security to
>people. Case closed; please read the signature FAQ.
>
> -hpa
>

Are you monitoring the development of SFS by Mazieres? I believe that
would be the best way to handle it.

--
Hans

* Re: kernel.org frontpage
From: John Bradford @ 2003-01-29 19:54 UTC
To: Valdis.Kletnieks; +Cc: hpa, linux-kernel

> On Wed, 29 Jan 2003 19:14:43 GMT, John Bradford said:
>
> > I see what you mean, but I don't see how it makes it any less useful
> > to have them on the front page - if you download the latest kernel
> > patch from a mirror, you could then just click on the relevant link on
> > the front page of kernel.org - in fact, as http access to kernel.org is
> > frequently much slower than ftp, it might actually be very useful,
> > because anybody downloading via http would make two requests, (OK,
> > about 7, because of the images on the front page), instead of about
> > 13, if they traverse each directory to the .sign file.
>
> I was arguing that they *should* be on the front page, since they *are*
> useful and it *would* lower the number of requests.

Sorry, I'd deleted the original message, and didn't want to break the
thread :-)

John.

* Re: kernel.org frontpage
From: H. Peter Anvin @ 2003-01-29 19:29 UTC
To: John Bradford; +Cc: Valdis.Kletnieks, linux-kernel

John Bradford wrote:
>>>No, it would add absolutely nothing (other than clutter.) All the .sign
>>>files are good for is to check for rogue mirrors.
>>
>>Or a rogue *primary* site, as has already happened to OpenSSH and Sendmail.
>
> I see what you mean, but I don't see how it makes it any less useful
> to have them on the front page - if you download the latest kernel
> patch from a mirror, you could then just click on the relevant link on
> the front page of kernel.org - in fact, as http access to kernel.org is
> frequently much slower than ftp, it might actually be very useful,
> because anybody downloading via http would make two requests, (OK,
> about 7, because of the images on the front page), instead of about
> 13, if they traverse each directory to the .sign file.
>

No, just download the signature from the mirror and verify it. This
isn't an MD5 signature.

-hpa

* Re: kernel.org frontpage
From: John Bradford @ 2003-01-29 19:58 UTC
To: H. Peter Anvin; +Cc: Valdis.Kletnieks, linux-kernel

> No, just download the signature from the mirror and verify it. This
> isn't an MD5 signature.

Good point, if the main site has been compromised, and the key
obtained, it would be a bit pointless concerning ourselves with
whether the mirror had been compromised separately :-)

John.

* Re: kernel.org frontpage
From: Kasper Dupont @ 2003-01-30 20:42 UTC
To: H. Peter Anvin; +Cc: linux-kernel

"H. Peter Anvin" wrote:
>
> All the .sign
> files are good for is to check for rogue mirrors.

I believe I can also use them to check against a MiM
attack against my connection to kernel.org.

--
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);

* Re: kernel.org frontpage
From: H. Peter Anvin @ 2003-01-30 20:44 UTC
To: Kasper Dupont; +Cc: linux-kernel

Kasper Dupont wrote:
> "H. Peter Anvin" wrote:
>
>>All the .sign
>>files are good for is to check for rogue mirrors.
>
> I believe I can also use them to check against a MiM
> attack against my connection to kernel.org.
>

You can, assuming you have a trust path to the key.

-hpa

* Re: kernel.org frontpage
From: John Bradford @ 2003-01-30 20:50 UTC
To: Kasper Dupont; +Cc: hpa, linux-kernel

> > All the .sign
> > files are good for is to check for rogue mirrors.
>
> I believe I can also use them to check against a MiM
> attack against my connection to kernel.org.

Yes.

John.

* Re: kernel.org frontpage
From: Andi Kleen @ 2003-01-29 18:55 UTC
To: Chris Friesen; +Cc: hpa, linux-kernel

Chris Friesen <cfriesen@nortelnetworks.com> writes:

> > THE SIGN FILES DO NOT VERIFY AGAINST A COMPROMISED KERNEL.ORG MASTER SITE.
>
> Perhaps for the truly paranoid the signatures should be posted to this
> newsgroup and digitally signed by someone trusted.

Or just sign them on the ftp site with the key from someone trusted.

-Andi