Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL

From:	Daniel Carrera
Subject:	Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Date:	Mon, 20 Oct 2008 11:26:21 +0200
User-agent:	Thunderbird 2.0.0.17 (Macintosh/20080914)

Ethan Blanton wrote:

Monotone generally settles on security first; many users (myself
included) consider this a good thing.

I second that. Security is one of the most interesting features ofMonotone. It's what brought me to this list.

A single, well-known key store
is much easier to keep track of and secure than a variety of databases
being shipped all over the network for various reasons.  Yes, those
keys are protected, but they're protected by a passphrase which is
almost certainly not very good, cryptographically speaking.

Indeed. I don't know of any product with PK cryptography thatdistributes private keys all nilly willy.

It's a freaking land mine.


That's interesting ... I found the in-database keys to be a "freaking
land mine", and was quite pleased several years back when they were
ditched in favor of a filesystem key store.


Monotone used to have private keys in the DB?!

Daniel.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, (continued)
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Timothy Brownawell, 2008/10/19
  - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Robert White, 2008/10/19
    - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Ethan Blanton, 2008/10/19
    - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Daniel Carrera <=
    - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Stephen Leake, 2008/10/21
    - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Stephen Leake, 2008/10/22
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Sebastian Rose, 2008/10/19
  - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Robert White, 2008/10/19
- Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Thomas Keller, 2008/10/20
  - Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL, hendrik, 2008/10/20
- [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Lapo Luchini, 2008/10/20
  - Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/20
    - Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Markus Wanner, 2008/10/21
    - Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL, Brian May, 2008/10/23

Prev by Date: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Next by Date: Re: [Monotone-devel] date certs on net.venge.monotone
Previous by thread: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Next by thread: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Index(es):
- Date
- Thread