Lisa Seelye wrote:
On Fri, 2003-11-21 at 21:09, Yi Qiang wrote:

I think this has been brought up many times before, but as most of us
know, many of the Debian servers have been compromised recently. This
has reinstated fear into many people about how "trustful" our distfile
repositories really are. If indeed one is compromised it would be too
easy for someone to slip a backdoor into a package, especially since I
and a lot of other Gentoo users simply ignore md5 checksums. If a
digest fails we simply ebuild foo.ebuild digest it again. I think an
option should be made that would allow failing packages if gpg fails. (I
think Red Hat does something like this.) This of course is not a
foolproof way, but a big improvement over what is currently done to ensure
package integrity.


If the key server/signature is compromised you have gained nothing over
the way we have it now.  Adding it is just another way for something to
go wrong.

As for users doing ebuild foo.ebuild digest blindly - that's a good way
to put your box at serious risk.

I agree that the current system is good the way it is. If someone is dumb enough to ignore a failing MD5 on anything other than MPlayer fonts, and I'm sure most of us have done 'ebuild digest mplayer-x.xx.ebuild' at one point or another (I have), another check isn't going to keep them from opening up their box, anyway.


--
Andrew Gaffney

