Home » Mailing list archives » openbsd-misc » 2007 » December » 5

Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Dave Ewart <davee@...>
To: <misc@...>
Subject: Re: Code signing in OpenBSD
Date: Wednesday, December 5, 2007 - 3:13 pm

On Wednesday, 05.12.2007 at 17:59 +0000, Kevin Stam wrote:


> For one thing, I think you're quite confused. Unless I'm missing


I'm guessing that he's referring to the fact that some Linux

*distributions* (not the kernel developers or necessarily any of the

components) sign their binary packages: for example Debian do this.


I believe one of the supposed benefits of this is that it allows anyone

to set up a public Debian mirror and, after checking the signatures

during download, one can be sure that they are 'real' Debian packages.


I believe that in some circumstances this may lead to a false sense of

security:


- Said mirror could have old (vulnerable) versions of packages.  Just

  because they're signed doesn't mean they're safe;


- The signing relates only to the packaging: if the underlying source

  code is compromised, then all bets are off.


Would signing help for OpenBSD?  I don't particular see that it would,

given that you are trading off the hassle of implementing it,

maintaining it and so on, against the benefits of doing so, which are

probably small or non-existent.


Dave.


--

Dave Ewart davee@sungate.co.uk, jabber:davee@jabber.org, freenode:davee

All email from me is now digitally signed, http://www.sungate.co.uk/

Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92


[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)
Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)
Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)
Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)
Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)
Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)
Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)
Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)
Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)
Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)
Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)
Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)
Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)
Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)
Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)
Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)