Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE

From: Brian May
Subject: Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
Date: Thu, 22 Jan 2004 12:22:20 +1100
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux)

>>>>> "Tom" == Tom Lord <address@hidden> writes:

>> I think we should take this opportunity to switch to detached
>> signatures. [....] The advantages of this are that it doesn't
>> require parsing the checksum file, and also we can have
>> multiple people sign a single revision (just add more
>> signatures in sigs/).

[...]

Tom> Anyway: What is the semantic significance of multiply signed
Tom> revisions and why doesn't that functionality belong
Tom> elsewhere? The purpose of signatures in arch is to help to
Tom> preserve archive integrity. Period.

Regardless of how you feel about multiple signatures, etc, I think
Colin's proposal for detached signatures is a good idea.

It means GPG will verify that the file contents are the same, and
there is no way somebody can insert extra data before or after the
real data.

Sure, you can add checks to make sure that there is no data before or
after the GPG signed data, but wouldn't it be a lot simpler, and more
flexible just to use detached signatures?

--
Brian May <address@hidden>
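
The check described in the last paragraph of the message above (rejecting any data before or after the GPG-signed data in a clearsigned file), sketched as an added example that is not part of the original message or of arch's code. The names `signed_payload` and `FramingError` and the sample checksum line are assumptions made for illustration; the framing follows the OpenPGP cleartext signature format, and the signature itself must still be verified by gpg.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


class FramingError(ValueError):
    """The file is not exactly one clearsigned block (hypothetical name)."""


def signed_payload(text):
    """Return the text covered by the signature, or raise FramingError."""
    lines = text.splitlines()
    # Nothing may precede the first armor line or follow the last one.
    if not lines or lines[0] != BEGIN_MSG:
        raise FramingError("data before the signed message")
    if lines[-1] != END_SIG:
        raise FramingError("data after the signature")
    # Exactly one of each marker, so a second block cannot be appended.
    for marker in (BEGIN_MSG, BEGIN_SIG, END_SIG):
        if lines.count(marker) != 1:
            raise FramingError("expected exactly one %r line" % marker)
    sig_start = lines.index(BEGIN_SIG)
    # Armor headers ("Hash: ...") run up to the first empty line.
    try:
        blank = lines.index("", 1, sig_start)
    except ValueError:
        raise FramingError("no blank line after the armor headers")
    for header in lines[1:blank]:
        if not re.fullmatch(r"Hash: [A-Za-z0-9, -]+", header):
            raise FramingError("unexpected armor header %r" % header)
    # Undo dash-escaping ("- " prefix) on the signed lines.
    signed = lines[blank + 1:sig_start]
    return "\n".join(ln[2:] if ln.startswith("- ") else ln for ln in signed)


# Constructed sample: checksum line and signature body are placeholders.
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA1", "",
    "md5 example.tar.gz 0123456789abcdef",
    BEGIN_SIG, "", "PLACEHOLDER", END_SIG, ""])

if __name__ == "__main__":
    print(signed_payload(SAMPLE))
```

With a detached signature none of this parsing is needed: the data file is used byte for byte and `gpg --verify` is given the signature file and the data file.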