Re: Code signing in OpenBSD

To: <misc@...>
Date: Wednesday, December 5, 2007 - 3:13 pm

On Wednesday, 05.12.2007 at 17:59 +0000, Kevin Stam wrote:


I'm guessing that he's referring to the fact that some Linux
*distributions* (not the kernel developers or necessarily any of the
components) sign their binary packages: for example Debian do this.

I believe one of the supposed benefits of this is that it allows anyone
to set up a public Debian mirror and, after checking the signatures
during download, one can be sure that they are 'real' Debian packages.

I believe that in some circumstances this may lead to a false sense of
security:

- Said mirror could have old (vulnerable) versions of packages.  Just
  because they're signed doesn't mean they're safe;

- The signing relates only to the packaging: if the underlying source
  code is compromised, then all bets are off.

Would signing help for OpenBSD?  I don't particularly see that it would,
given that you are trading off the hassle of implementing it,
maintaining it and so on, against the benefits of doing so, which are
probably small or non-existent.

Dave.

--
Dave Ewart davee@sungate.co.uk, jabber:davee@jabber.org, freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
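
The first point in the message above (a mirror serving old but genuinely signed packages) can be shown in a few lines. This is an added example, not part of the original post or of any distribution's tooling: the package name, key, timestamps and index layout are constructed, and HMAC stands in for a real asymmetric signature such as OpenPGP. It compares a signature-only check with one that also requires a signed, unexpired index naming the current version.

```python
import hashlib, hmac, json

# Stand-in for the archive's signing key (assumption). A real distribution uses
# an asymmetric signature such as OpenPGP; HMAC keeps this stdlib-only.
KEY = b"constructed-demo-key"
DAY = 86400

def sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def signed(obj: dict) -> dict:
    body = json.dumps(obj, sort_keys=True).encode()
    return {"body": body, "sig": sign(body)}

def verify(blob: dict) -> bool:
    return hmac.compare_digest(sign(blob["body"]), blob["sig"])

def check_signature_only(pkg: dict) -> bool:
    """What a mirror user gets from the package signature alone."""
    return verify(pkg)

def check_with_index(pkg: dict, index: dict, now: int) -> str:
    """Also require a signed, unexpired index naming this exact version."""
    if not verify(pkg):
        return "bad package signature"
    if not verify(index):
        return "bad index signature"
    idx, meta = json.loads(index["body"]), json.loads(pkg["body"])
    if now > idx["valid_until"]:
        return "stale index"
    if idx["versions"].get(meta["name"]) != meta["version"]:
        return "outdated package"
    return "ok"

# Constructed sample data: two genuine releases and two genuine indexes.
T0 = 1_196_866_800  # arbitrary "release day" timestamp
OLD_PKG = signed({"name": "demo-daemon", "version": "1.0"})
NEW_PKG = signed({"name": "demo-daemon", "version": "1.1"})
OLD_INDEX = signed({"versions": {"demo-daemon": "1.0"}, "valid_until": T0 - 23 * DAY})
NEW_INDEX = signed({"versions": {"demo-daemon": "1.1"}, "valid_until": T0 + 7 * DAY})

if __name__ == "__main__":
    now = T0 + DAY
    print(check_signature_only(OLD_PKG))              # genuine, so it verifies
    print(check_with_index(OLD_PKG, NEW_INDEX, now))  # version mismatch caught
    print(check_with_index(OLD_PKG, OLD_INDEX, now))  # replayed index caught
    print(check_with_index(NEW_PKG, NEW_INDEX, now))
```

Neither check addresses the second point in the message: if the source was compromised before signing, every verification here still passes.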