Eugen Leitl eugen at leitl.org
Sun Sep 8 09:43:09 PDT 2013

On Sun, Sep 08, 2013 at 09:08:24AM -0700, Greg KH wrote:

> > Real physical security and a process to keep signing secrets
> > secure in community based Linux and *BSD distributions.
> What are the problems in the existing processes that you feel are weak?
> For example, what is wrong with openSUSE's signing process that you feel
> is wrong?

I'm only aware of how Debian does things, and not in any detail.
What I would do is to separate the signing secrets across multiple
key people, and do a recorded/witnessed ceremony following a CA-like
model, signing on an air-gapped machine which is securely
wiped afterwards and transferring packages via sneakernet
(making sure there's nothing autoexecuted on plugin)
to the machine where it is being published. Yes, this is a huge

So have a secure process in place, monitor the process by
external parties so that we can be sure that it is actually being
done the way it is said to be done. Trust, but verify.

> > Review of anything crypto based. Completely different process
> > for anything crypto based than for everything else. No more 
> > undetected regression meltdowns a la Debian.
> What type of review?  What type of process would catch stuff like that?

Getting in the professionals. A lot of old cryptography and
cypherpunk hands have reappeared and the woodwork is buzzing
with activity. They have clue and they're willing to help.

Somebody should first get them talking, and then organize a
physical meeting. If I knew any distro guys I would try to
hook them up.
