Secrecy and user trust

Les Mikesell lesmikesell at gmail.com
Mon Sep 8 03:12:14 UTC 2008


Ed Greshko wrote:
> 
>>>> What's the point of having the key at all if you implicitly trust the
>>>> delivery mechanism of the RPM packages?
>>> Good approach, answer a question with another question.
>>>
>> If you can't say why you need the key in the first place, there isn't
>> much hope of seeing why you need a different reason to trust the key
>> than the content it verifies.
>>
> Bzzzzttt...  Wrong!  You are attacking the current system and it is
> incumbent on you to prove your points. 

I'm not sure there is a 'current system', but if you mean the plan to 
use the old key validation for the installation of a package containing 
the new one and the new repo locations, I don't have a better suggestion.

> I can't help but to see the irony in that those clamoring for "explicit
> details" from the Fedora folks as to the nature, methods, damage
> inflicted on the Fedora infrastructure are so devoid of details on how
> their attack vector would work.  Their scenario amounts to...generate a
> fake key pair, fool people into accepting it, sign compromised packages,
> fool people into downloading and installing them...take over their systems.

I'm sure there are people capable of that - but in the planned scenario 
the same person has to also possess the old signing key.

-- 
   Les Mikesell
    lesmikesell at gmail.com



