Re: kernel.org tarball/patch signature files
From: H. Peter Anvin
Date: Tue Oct 25 2011 - 04:27:27 EST
On 10/25/2011 06:31 AM, Kyle Moffett wrote:
>
> Unfortunately, while there are "pristine-gz" and "pristine-bz2" tools,
> there has not yet been developed a "pristine-xz" tool:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499489
>
> So it's not yet reasonably possible for the kernel.org archive, but
> sometime in the future it might become so.
>
There are a lot of strong reasons to NOT do so, however.
Any time we have something signed by a developer, we have something that
is precious and cannot be replicated by kernel.org staff.
Any time we have something signed by a robot, we have something that
people *will* misinterpret as having security properties that they don't
-- this has unfortunately been amply shown.
Compression formats evolve over time; right now we're concerned with gz,
bz2, and xz, but xz is brand new here and there may very well be new
things in the future.
It would be a very good thing for people to develop tools to run
compressors and decompressors in locked-down boxes. It should be
possible to run these kinds of programs without access to either network
or filesystem; only read from stdin and out on stdout (and presumably
stderr for errors.) This would solve problems for much more than just
kernel.org.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/