tech-userlevel: Re: adding gpg to src/gnu/dist

Subject: Re: adding gpg to src/gnu/dist
To: None <tech-security@NetBSD.org, tech-userlevel@NetBSD.org>
From: Marc Tooley <netbsdMLpostNO@SPAM.quake.ca>
List: tech-userlevel
Date: 05/17/2004 09:38:40

On Friday 14 May 2004 13:17, Thor Lancelot Simon wrote:
> On Fri, May 14, 2004 at 12:58:57PM -0700, Marc Tooley wrote:
> > On Friday 14 May 2004 12:18, Love wrote:
> > > I'm sure they can run
> > >
> > > 	$ nbsvtool verify binary_pkg.sp7 && echo woohoo everything ok
> > > 	woohoo everything ok
> > >
> > > especially when its inside pkg_add so they don't need to run it
> > > at all themself.
> > >
> > > Love
> >
> > ... which can't be used on other platforms where nbsvtool hasn't
> > been ported or doesn't exist; the ubiquity of GnuPG in this case
> > means that
>
> Uh, it's pretty hard to install packages on a system where pkg_add
> "hasn't been ported or doesn't exist", isn't it?

I was talking about requiring a netbsd or pkgsrc-friendly system to 
verify if these hypothetical packages are authentic or not. On those 
that it doesn't work so well on, the (possibly compromised) package 
sits there as an unknown until it makes its way to a system where it 
can be checked.

I mean sure, the end-user can detect it, and perhaps that's all that's 
important. I'm just saying that gnupg is already on many of these kinds 
of systems and already in-use. It seems to me that forcing people to 
conform to a brand new authentication mechanism if they want to check 
validity is a bit onerous.

Also, so far the only reasons for disliking gnupg apply far more aptly 
to current openssl software, but for openssl you're willing to build an 
entirely new trust mechanism around a *ssl library...?

Seems like a great deal of effort.

*shrug* Well, if it does go ahead, I hope we can provide the framework 
as part of netbsd so others can use it to distribute their own packages 
and software.

If a single gnupg key is used as an introducer or even just as a 
signature on the other keys (security bulletins, system packages, etc) 
then not only will you see the benefits of a hierarchical trust model, 
but then you can take advantage of the already mammoth PKI in place and 
those of us who like webs of trust can more easily integrate the 
various netbsd keys into our familiar keyrings.