Re: kernel.org tarball/patch signature files

[H. Peter Anvin]

On 10/25/2011 06:31 AM, Kyle Moffett wrote:
> 
> Unfortunately, while there are "pristine-gz" and "pristine-bz2" tools,
> there has not yet been developed a "pristine-xz" tool:
>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499489
> 
> So it's not yet reasonably possible for the kernel.org archive, but
> sometime in the future it might become so.
> 

There are a lot of strong reasons to NOT do so, however.

Any time we have something signed by a developer, we have something that
is precious and cannot be replicated by kernel.org staff.

Any time we have something signed by a robot, we have something that
people *will* misinterpret as having security properties that they don't
-- this has unfortunately been amply shown.

Compression formats evolve over time; right now we're concerned with gz,
bz2, and xz, but xz is brand new here and there may very well be new
things in the future.

It would be a very good thing for people to develop tools to run
compressors and decompressors in locked-down boxes.  It should be
possible to run these kinds of programs without access to either network
or filesystem; only read from stdin and out on stdout (and presumably
stderr for errors.)  This would solve problems for much more than just
kernel.org.

	-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/