[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4EA672D9.106@zytor.com>
Date: Tue, 25 Oct 2011 10:27:05 +0200
From: "H. Peter Anvin" <hpa@...or.com>
To: Kyle Moffett <kyle@...fetthome.net>
CC: Greg KH <greg@...ah.com>,
Jari Ruusu <jariruusu@...rs.sourceforge.net>,
linux-kernel@...r.kernel.org
Subject: Re: kernel.org tarball/patch signature files
On 10/25/2011 06:31 AM, Kyle Moffett wrote:
>
> Unfortunately, while there are "pristine-gz" and "pristine-bz2" tools,
> there has not yet been developed a "pristine-xz" tool:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499489
>
> So it's not yet reasonably possible for the kernel.org archive, but
> sometime in the future it might become so.
>
There are a lot of strong reasons to NOT do so, however.
Any time we have something signed by a developer, we have something that
is precious and cannot be replicated by kernel.org staff.
Any time we have something signed by a robot, we have something that
people *will* misinterpret as having security properties that they don't
-- this has unfortunately been amply shown.
Compression formats evolve over time; right now we're concerned with gz,
bz2, and xz, but xz is brand new here and there may very well be new
things in the future.
It would be a very good thing for people to develop tools to run
compressors and decompressors in locked-down boxes. It should be
possible to run these kinds of programs without access to either network
or filesystem; only read from stdin and out on stdout (and presumably
stderr for errors.) This would solve problems for much more than just
kernel.org.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists