Re: [Gnu-arch-users] tla--devo--1.2 has preliminary gpg stuff

[Andrew Suffield]

On Fri, Dec 26, 2003 at 08:01:11PM -0800, Tom Lord wrote:
> 
>     > From: Andrew Suffield <address@hidden>
> 
>     > Not instead of, but also:
> 
>     > If we ever see a =3Dmeta-info/signed-archive file, record that locally
>     > (presumably in .arch-params); if we have a local record and the
>     > archive is unsigned, abort immediately. Such records would never be
>     > reverted except via explicit user intervention.
> 
>     > That won't help users who never touched the archive before it was
>     > compromised, but it will both help existing users, and serve as a
>     > fairly effective mechanism for detection (only *one* person has to
>     > report the archive corruption).
> 
>     > It introduces an constraint that you never convert a signed archive
>     > into an unsigned one - which is probably a reasonable constraint.
> 
> What I've actually done is slightly different.
> 
> To check signatures on client-side operations, you create a file in
> ~/.arch-params/signing.   For example, to check a given ARCHIVE you 
> put a rule in:
> 
> 
>       ~/.arch-params/ARCHIVE.check
> 
> If an archive is signed, but you have no rule, but do have: 
> 
>       ~/.arch-params/=default.check
> 
> 
> Now, if you have:
> 
>       ~/.arch-params/ARCHIVE.check
> 
> but ARCHIVE is not signed -- that's a fatal error.

Hmm, still less aggressive than I'd like... how about a way to run a
command for every unsigned archive that isn't otherwise trapped, so
that we can implement external checks?

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

signature.asc
Description: Digital signature