[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: officially signed packages
On Mon, Apr 07, 2014 at 04:48:16PM +0200, Fredrik Pettai wrote:
> On Apr 7, 2014, at 14:38 , Joerg Sonnenberger
> <joerg%britannica.bec.de@localhost> wrote:
> > On Mon, Apr 07, 2014 at 01:36:10PM +0200, Jan Danielsson wrote:
> >> I used to (very) strongly prefer PGP over X.509, nowadays I see them
> >> as being equally useful, but in different situations. In the case of
> >> signing packages, X.509 PKI is well-suited because TNF is a perfect type
> >> of entity to be a CA. That being said, the X.509 tools out there are
> >> user-hostile, counter-intuitive, ugly, annoying, and down-right bad[*].
> >> So while conceptually I'm all for TNF becoming a CA, the lack of
> >> non-user-hostile tools makes me feel that the PGP route is better in the
> >> end. ..as long as we have netpgp(verify).
> > While I mostly agree about the hostility of tools like openssl(1), I
> > don't think it applies overly much in this context. The use model I had
> > in mind when creating the x509 support was:
> > (1) The person responsible for the a bulk build creates a CA
> > certificate.
> > (2) An intermediate key with a short valid time (3 month?) is used to
> > sign the packages.
> Why that short time?
Just an attempt to establish a base line between "too much work for
admin" and "impact of possible breach". Rotating certs with 6 month
validity every 3 month might work better, I just wanted to toss in a
> btw. what happens if I try to install a package with a non-valid signature?
> Will I be refused? Will I be prompted that the signature has expire or
> is invalid, but I could override & continue anyway?
Depends on CHECK_VULNERABILITIES, see pkg_install.conf(5).
Main Index |
Thread Index |