Re: Checking signatures on source tarballs

From: Leo Famulari
Subject: Re: Checking signatures on source tarballs
Date: Wed, 07 Oct 2015 14:05:32 -0400

On Wed, Oct 7, 2015, at 10:09, Mark H Weaver wrote:
> address@hidden (Ludovic Courtès) writes:
> > Most of the time the authentication model is trust-on-first-download:
> > The packager fetches upstream’s public key when they first download a
> > tarball (so this particular phase is subject to MiTM), and subsequent
> > downloads are checked against the key that’s already in the packager’s
> > keyring.
> Right, and every time the package is updated, that's another opportunity
> for a MiTM attack.  My proposal would fix that problem.  It would also
> allow MiTM attacks to be detected later, because the bad key would be
> recorded in our git repository for all to see.

I have been wondering about this issue as I created packages, and I share
Mark's concern. The current system relies on packagers to get it right
for every update.
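For reference, here is one way the check Mark proposes could look in practice: instead of accepting whatever key happens to be in the packager's keyring, the expected primary-key fingerprint is recorded alongside the package definition and the detached signature is only accepted if gpg reports a valid signature from exactly that key. This is an added sketch, not code from the thread or from Guix; the fingerprint, the sample gpg status output and the `verify_tarball` helper are constructed for illustration, and it assumes a gpg 2.x `--status-fd` line format where the primary-key fingerprint is the last VALIDSIG field.

```shell
#!/bin/sh
# Expected upstream primary-key fingerprint, as it would be recorded in the
# package definition under version control. Placeholder value, not a real key.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Accept only if gpg reported a valid signature AND the primary key that made
# it matches the pinned fingerprint.
#   $1: text from `gpg --status-fd 1 --verify`    $2: pinned fingerprint
check_pinned_signature() {
    status="$1"
    expected="$(printf '%s' "$2" | tr 'a-f' 'A-F' | tr -d ' ')"
    # Any bad/erroneous/unknown-key report fails closed, whatever else is there.
    if printf '%s\n' "$status" | grep -qE '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY)'; then
        return 1
    fi
    # VALIDSIG fields: sig-fpr date ts expire ver rsvd pkalgo hash class primary-fpr
    primary="$(printf '%s\n' "$status" \
        | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $12; exit }')"
    [ -n "$primary" ] || return 1          # no VALIDSIG line at all
    [ "$primary" = "$expected" ]           # signed by a different key -> fail
}

# Verify a tarball against its detached signature using an isolated keyring
# (so a stray key in the packager's default keyring cannot satisfy the check).
#   $1: tarball    $2: detached .sig    $3: directory holding only upstream's key
verify_tarball() {
    out="$(gpg --homedir "$3" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null)" || true
    check_pinned_signature "$out" "$PINNED_FPR"
}

# Constructed sample of gpg status output (not captured from a real run) so the
# pin check can be exercised without a keyring present.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Upstream <upstream@example.org>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2015-10-07 1444233932 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

if check_pinned_signature "$SAMPLE_STATUS" "$PINNED_FPR"; then
    echo "sample: signature matches pinned key"
else
    echo "sample: REJECTED"
fi
```

A tarball signed by a key that is in the keyring but whose fingerprint differs from the recorded one is rejected, and because the pin lives in git, a later change to it shows up in the history.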