Secrecy and user trust
Les Mikesell
lesmikesell at gmail.com
Mon Sep 8 03:12:14 UTC 2008
Ed Greshko wrote:
>
>>>> What's the point of having the key at all if you implicitly trust the
>>>> delivery mechanism of the RPM packages?
>>> Good approach, answer a question with another question.
>>>
>> If you can't say why you need the key in the first place, there isn't
>> much hope of seeing why you need a different reason to trust the key
>> than the content it verifies.
>>
> Bzzzzttt... Wrong! You are attacking the current system and it is
> incumbent on you to prove your points.
I'm not sure there is a 'current system', but if you mean the plan to
use the old key validation for the installation of a package containing
the new one and the new repo locations, I don't have a better suggestion.
> I can't help but to see the irony in that those clamoring for "explicit
> details" from the Fedora folks as to the nature, methods, damage
> inflicted on the Fedora infrastructure are so devoid of details on how
> their attack vector would work. Their scenario amounts to...generate a
> fake key pair, fool people into accepting it, sign compromised packages,
> fool people into downloading and installing them...take over their systems.
I'm sure there are people capable of that - but in the planned scenario
the same person has to also possess the old signing key.
--
Les Mikesell
lesmikesell at gmail.com