From: Daniel L. <dm...@ya...> - 2002-11-29 21:25:07
All,

What about an opt-in scheme where everything is signed, but users who don't care can install it without verification? Sort of like the MD5 scheme some projects use--you verify the integrity of the software if you worry about such things and ignore the signature if you don't. Developers would all have a PKI key, sign with their private and the installer could optionally verify using their public key. The public keys could be retrieved from servers when modules are downloaded. Then users have a choice and only those who want the extra security are burdened. Unfortunately, all developers have to sign their work to accommodate the option, so it is more work for already over-worked developers.

Just my $0.02,

Daniel

--
daniellordATtelocityDOTcom
GPG Fingerprint: C59E 59F5 1C63 5CFB 6161 067E FF00 A4E8 684A 16BB

"My dancing, drinking, and singing weave me the mat
upon which my soul will sleep in the world of spirits"
-- Old Man of Halmahera, Indonesia

On Friday, Nov 29, 2002, at 12:47 US/Pacific, David wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> On Thursday, November 28, 2002, at 09:00, Carsten Klapp wrote:
>
>> Hi David,
>>
> Hi Carsten
>> I like the idea of signature verification. Better safe now than sorry
>> later.
>>
> I am very glad to hear that, which makes me think about this even
> more. It was pointed out to me in channel, that gpg contains strong
> cryptography and might not be suited for every country therefore. I
> admit, that I did not think of this and I shall do my very best to
> research the matter. Even though I would like to have this security
> feature optional for now, I am sure we could try and move it to a
> mandatory status later.
>> I have a few concerns:
>>
>> - Scripts on the server which automatically sign committed info and
>> patch files wouldn't stop a hacker, no?
>>
> Come to think about it, automatic signing is a bad idea. The whole
> idea behind the interactive signing process of gpg is to make sure,
> that the person signing the package or message is really the one the
> key belongs to, thus the password. It would be possible to either
> share the secret key between all members or simply provide a central
> location which has to be protected properly, for signing packages,
> info and patch files.
>
> I also wonder how the users think about it, after all gpg signing
> would require additional programs to be installed maybe even
> additional modules for fink to use gpg properly.
>
> So please, all of you voice your opinion and please excuse the cross
> post.
>
> - -d
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (Darwin)
>
> iD8DBQE959JwiW/Ta/pxHPQRAyIxAJ0fee1GhTwqVFghpi3Dfvt6eQikqQCgxtd9
> MJRKfzUoHZ9lLkUq56hPKKU=
> =+zlf
> -----END PGP SIGNATURE-----
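
The opt-in verification scheme discussed in this message, as an added example that is not part of the original thread or of fink's code. It uses Ed25519 from the Go standard library as a stand-in for GPG keys, and it assumes the installer holds a key fingerprint obtained out of band (`pinned`, a hypothetical parameter), so that a public key retrieved from the same server as the module is not trusted on its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("signature does not match package")
	ErrUntrustedKey = errors.New("served key does not match pinned fingerprint")
)

// Install returns nil when the package may be installed. verify is the user's
// opt-in choice; pinned is a key fingerprint obtained out of band (assumption).
func Install(verify bool, pkg, sig []byte, pub ed25519.PublicKey, pinned [32]byte) error {
	if !verify {
		return nil // opted out: signature and key are ignored entirely
	}
	if len(pub) != ed25519.PublicKeySize || sha256.Sum256(pub) != pinned {
		return ErrUntrustedKey // key came from the download server; trust only the pin
	}
	if !ed25519.Verify(pub, pkg, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs four constructed cases and returns each result in order.
func Demo() [4]error {
	devPub, devPriv, _ := ed25519.GenerateKey(nil)   // developer key pair
	evilPub, evilPriv, _ := ed25519.GenerateKey(nil) // key of whoever controls the server
	pkg := []byte("constructed package contents")
	bad := []byte("constructed package contents, modified")
	sig := ed25519.Sign(devPriv, pkg)
	pin := sha256.Sum256(devPub)
	return [4]error{
		Install(false, bad, sig, devPub, pin),                         // opted out: installs anyway
		Install(true, pkg, sig, devPub, pin),                          // intact package
		Install(true, bad, sig, devPub, pin),                          // modified package
		Install(true, bad, ed25519.Sign(evilPriv, bad), evilPub, pin), // key and signature both replaced
	}
}

func main() {
	for i, err := range Demo() {
		fmt.Println(i, err)
	}
}
```

The first case shows the cost of the opt-out path: a modified package installs with no error, so the signature protects only users who turn verification on.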