author Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
committer Nicolas Vigier <boklm@mageia.org> 2013-04-14 13:46:12 +0000
commit 1be510f9529cb082f802408b472a77d074b394c0
tree b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-dev/20110131
parent fa5098cf210b23ab4f419913e28af7b1b07dafb2
Add zarb MLs html archives
Diffstat (limited to 'zarb-ml/mageia-dev/20110131')
-rw-r--r-- zarb-ml/mageia-dev/20110131/002380.html 144
-rw-r--r-- zarb-ml/mageia-dev/20110131/002381.html 109
-rw-r--r-- zarb-ml/mageia-dev/20110131/002382.html 87
-rw-r--r-- zarb-ml/mageia-dev/20110131/002383.html 84
-rw-r--r-- zarb-ml/mageia-dev/20110131/002384.html 83
-rw-r--r-- zarb-ml/mageia-dev/20110131/002385.html 99
-rw-r--r-- zarb-ml/mageia-dev/20110131/002386.html 85
-rw-r--r-- zarb-ml/mageia-dev/20110131/002387.html 111
-rw-r--r-- zarb-ml/mageia-dev/20110131/002388.html 175
-rw-r--r-- zarb-ml/mageia-dev/20110131/002389.html 134
-rw-r--r-- zarb-ml/mageia-dev/20110131/002390.html 70
-rw-r--r-- zarb-ml/mageia-dev/20110131/002391.html 76
-rw-r--r-- zarb-ml/mageia-dev/20110131/002392.html 79
-rw-r--r-- zarb-ml/mageia-dev/20110131/002393.html 125
-rw-r--r-- zarb-ml/mageia-dev/20110131/002394.html 134
-rw-r--r-- zarb-ml/mageia-dev/20110131/002395.html 81
-rw-r--r-- zarb-ml/mageia-dev/20110131/002396.html 144
-rw-r--r-- zarb-ml/mageia-dev/20110131/002397.html 154
-rw-r--r-- zarb-ml/mageia-dev/20110131/002398.html 117
-rw-r--r-- zarb-ml/mageia-dev/20110131/002399.html 110
-rw-r--r-- zarb-ml/mageia-dev/20110131/002400.html 90
-rw-r--r-- zarb-ml/mageia-dev/20110131/002401.html 120
-rw-r--r-- zarb-ml/mageia-dev/20110131/002402.html 73
-rw-r--r-- zarb-ml/mageia-dev/20110131/002403.html 70
-rw-r--r-- zarb-ml/mageia-dev/20110131/002404.html 69
-rw-r--r-- zarb-ml/mageia-dev/20110131/002422.html 71
-rw-r--r-- zarb-ml/mageia-dev/20110131/author.html 177
-rw-r--r-- zarb-ml/mageia-dev/20110131/date.html 177
l--------- zarb-ml/mageia-dev/20110131/index.html 1
-rw-r--r-- zarb-ml/mageia-dev/20110131/subject.html 177
-rw-r--r-- zarb-ml/mageia-dev/20110131/thread.html 215
31 files changed, 3441 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/20110131/002380.html b/zarb-ml/mageia-dev/20110131/002380.html
new file mode 100644
index 000000000..3caf49bf7
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002380.html
@@ -0,0 +1,144 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131031643.GF21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+ <LINK REL="Next" HREF="002381.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131031643.GF21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 04:16:43 CET 2011</I>
+ <P><UL>
+
+ <LI>Next message: <A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2380">[ date ]</a>
+ <a href="thread.html#2380">[ thread ]</a>
+ <a href="subject.html#2380">[ subject ]</a>
+ <a href="author.html#2380">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Hello,
+
+Now that we have a working build system, we need to setup the last part,
+which is package signing. And for this we need a GPG key. So it's time
+to decide on some policy about PGP keys.
+
+We can look at how it was done at Mandriva. If I remember correctly :
+ - cooker packages were signed with a key stored on the build system
+ - stable release packages were signed at release time with an other
+ key, not stored on the build system, but stored on the server used
+ to prepare the release and generate the ISOs
+ - updates for main repository were managed by secteam, and signed by
+ secteam key. The secteam didn't use the build system but their own
+ servers, so the key was stored on their servers
+ - updates for contrib repository were signed using a key stored on the
+ build system
+ - backports for main and contrib repository were signed using a key
+ stored on the build system
+
+However there are a few problems with this :
+ - too many different keys, with different names, it's difficult to see
+ which ones are really official.
+ - keys stored on the build system were not secure (all contributors and
+ apprentice had shell access on the build system and could easily become
+ root using iurt or other techniques, and then access the secret keys).
+ We won't provide shell access on the same servers as the build system
+ so it should be more secure, however it is always possible that a
+ server be compromised, with all the pgp keys on it, so we should plan
+ for it, and be able to revoke keys if it happens
+ - using a different key for developement version, and released version
+ means we need to resign all packages for the release, taking a lot
+ of time, cpu, and bandwidth to copy the packages between different
+ servers
+ - updates will be done using the same build system, so there is no use
+ to have two different keys for release and updates packages
+ - signed packages are supposed to prevent someone from modifying
+ packages on the mirrors. However the public key used to verify the
+ packages is downloaded from the mirror, and could be modified too.
+ So it would be very easy to create a fake mirror with modified
+ packages. We should fix that by allowing only trusted keys to be used.
+
+
+So I propose that we use two keys :
+ - We sign all packages from all repositories using only one key. This
+ key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
+ - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
+ not used on any online server, and is supposed to never be changed,
+ and should not be compromised. Only a few people have a copy of this
+ key (some people from board ?), kept on a usb key hidden somewhere, but
+ not on their laptop or any computer with internet connection. This key
+ is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
+ and other official keys of the project, but never used for anything
+ else (not for receiving encrypted messages). And the signature is
+ sent on public keyservers.
+ - We add the <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org</A> public key inside the urpmi package.
+ We change urpmi so that it refuses to use any key which has not been
+ signed by <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> And urpmi should frequently update the
+ keys it is using from public keyservers to check that its signature
+ from board@ has not been revoked (or that the key self signature has
+ not been revoked).
+ - In case we think the packages@ key may have been compromised, or is
+ too old, or we want to change it for any other reason, we revoke the
+ key, and/or revoke the signature from board@ so that it is no
+ longer accepted by urpmi. We create a new key, we sign it with
+ the board@ key and we can start to use this new key.
+
+According to this page :
+<A HREF="http://www.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html">http://www.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html</A>
+there is also a few things we need to improve in urpmi to make it more
+secure (signed hdlists, and expiration dates on hdlists), but this is
+for later.
+
+In this thread :
+<A HREF="https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html">https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html</A>
+misc proposed that we publish tarballs of our software on the mirrors,
+and sign them using a pgp key. So we need a key for that. We also want
+to sign ISOs, maybe with a different key. So I think we can do the same
+as for packages key, we create new keys for software releases and for
+ISOs, and we sign those keys with the board@ key. And we can tell
+everybody that all files released by the project are always signed by
+a key that was signed by the board@ key.
+
+If we decide to do this, someone from board could generate the key next
+week at fosdem after the election, save it on usb key for other board
+members, and give the fingerprint to everybody to sign the key.
+
+Any opinions on this ? Or other ideas ? Or comments ?
+
+Nicolas
+
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+
+ <LI>Next message: <A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2380">[ date ]</a>
+ <a href="thread.html#2380">[ thread ]</a>
+ <a href="subject.html#2380">[ subject ]</a>
+ <a href="author.html#2380">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
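Review bot: the two mailto HREFs in 002380.html (the LINK REL="made" in HEAD and the author anchor at the top of BODY) carry a raw "&" before In-Reply-To inside the attribute value. In an HTML attribute that separator should be written as "&amp;In-Reply-To=", otherwise a parser may read "&In" as the start of an entity reference. The markers (beginarticle/endarticle, the listinfo footer) suggest this is generated pipermail output, so if the files are committed unmodified on purpose, say so in the commit message; "Add zarb MLs html archives" does not tell a later reader whether hand edits to these pages are expected or will be overwritten by a re-import.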
diff --git a/zarb-ml/mageia-dev/20110131/002381.html b/zarb-ml/mageia-dev/20110131/002381.html
new file mode 100644
index 000000000..3fabfb10e
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002381.html
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C4D4637A4.8030106%40animeneko.net%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002380.html">
+ <LINK REL="Next" HREF="002385.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Motoko-chan</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C4D4637A4.8030106%40animeneko.net%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">motokochan at animeneko.net
+ </A><BR>
+ <I>Mon Jan 31 05:16:36 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2381">[ date ]</a>
+ <a href="thread.html#2381">[ thread ]</a>
+ <a href="subject.html#2381">[ subject ]</a>
+ <a href="author.html#2381">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On 01/30/2011 07:16 PM, nicolas vigier wrote:
+&gt;<i> So I propose that we use two keys :
+</I>&gt;<i> - We sign all packages from all repositories using only one key. This
+</I>&gt;<i> key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
+</I>Sounds good to me.
+
+&gt;<i> - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
+</I>&gt;<i> not used on any online server, and is supposed to never be changed,
+</I>&gt;<i> and should not be compromised. Only a few people have a copy of this
+</I>&gt;<i> key (some people from board ?), kept on a usb key hidden somewhere, but
+</I>&gt;<i> not on their laptop or any computer with internet connection. This key
+</I>&gt;<i> is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
+</I>&gt;<i> and other official keys of the project, but never used for anything
+</I>&gt;<i> else (not for receiving encrypted messages). And the signature is
+</I>&gt;<i> sent on public keyservers.
+</I>If possible, using a split key so that no single person can revoke a
+signature or sign a key would be useful. This would prevent attacks
+where an individual might be tricked into signing an attacker's key. It
+would require multiple people to be tricked or have their systems
+compromised to have that key compromised.
+
+
+&gt;<i> - We add the <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org</A> public key inside the urpmi package.
+</I>&gt;<i> We change urpmi so that it refuses to use any key which has not been
+</I>&gt;<i> signed by <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> And urpmi should frequently update the
+</I>&gt;<i> keys it is using from public keyservers to check that its signature
+</I>&gt;<i> from board@ has not been revoked (or that the key self signature has
+</I>&gt;<i> not been revoked).
+</I>What about third-party repositories, like PLF is to Mandriva? Making
+that change would require that each of those repository owners have
+their key signed to work with the urpmi framework. This could either
+mean the death of urpmi for managing packages, diluting the trust of the
+board@ key, or discouraging outside contributions.
+
+What if urpmi automatically trusts packages signed with a key signed by
+board@ and prompt on the first install of a package that is signed by a
+different key? The yum tool used by Fedora, RHEL, and CentOS works very
+well by prompting on new keys.
+
+
+&gt;<i> - In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> the board@ key and we can start to use this new key.
+</I>Sounds good. I'd almost suggest a new packages signing key for each new
+release that is valid for the supported life of the release plus one
+year. It's a bit more work, but would reduce the damage a key leak would
+cause. Unfortunately, this would bring back the problems of re-signing
+packages when they are turned into a release.
+
+ - Michael
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2381">[ date ]</a>
+ <a href="thread.html#2381">[ thread ]</a>
+ <a href="subject.html#2381">[ subject ]</a>
+ <a href="author.html#2381">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
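Review bot: in the PRE body of 002381.html every address-like string is wrapped in an anchor to https://www.mageia.org/mailman/listinfo/mageia-dev, including the proposed key names "packages at mageia.org" and "board at mageia.org" in the quoted lines. Those strings name signing keys in the discussion, not list contacts, and the link target is an absolute URL on www.mageia.org rather than anything inside the zarb-ml/ tree this commit populates. If the archive is meant to be a self-contained copy, consider stripping these anchors on import (keeping the "x at y" text) so that the archived thread does not depend on, or point readers to, a list page that may not match this archive.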
diff --git a/zarb-ml/mageia-dev/20110131/002382.html b/zarb-ml/mageia-dev/20110131/002382.html
new file mode 100644
index 000000000..67276d225
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002382.html
@@ -0,0 +1,87 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] BS down
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20BS%20down&In-Reply-To=%3C4D4670F5.2040707%40iki.fi%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002394.html">
+ <LINK REL="Next" HREF="002384.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] BS down</H1>
+ <B>Thomas Backlund</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20BS%20down&In-Reply-To=%3C4D4670F5.2040707%40iki.fi%3E"
+ TITLE="[Mageia-dev] BS down">tmb at iki.fi
+ </A><BR>
+ <I>Mon Jan 31 09:21:09 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002384.html">[Mageia-dev] BS down
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2382">[ date ]</a>
+ <a href="thread.html#2382">[ thread ]</a>
+ <a href="subject.html#2382">[ subject ]</a>
+ <a href="author.html#2382">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Pascal Terjan skrev 31.1.2011 00:54:
+&gt;<i>
+</I>&gt;<i> All packages have been rebuild, BS should be back in its original state
+</I>&gt;<i>
+</I>
+Have you also re-enabled youri reuploading check ?
+
+--
+Thomas
+
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002384.html">[Mageia-dev] BS down
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2382">[ date ]</a>
+ <a href="thread.html#2382">[ thread ]</a>
+ <a href="subject.html#2382">[ subject ]</a>
+ <a href="author.html#2382">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
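Review bot: between the closing PRE and the endarticle comment, 002382.html adds a run of about twenty empty lines that carry no content; the same padding shows up in the other short messages in this commit. For a 3441-line import of generated pages this is only noise in the diff, but it would be worth either collapsing the padding in the import step or noting in the commit message that the files are stored byte-for-byte as the archiver produced them, so the whitespace is not "cleaned up" later in a way that makes the copy diverge from its source.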
diff --git a/zarb-ml/mageia-dev/20110131/002383.html b/zarb-ml/mageia-dev/20110131/002383.html
new file mode 100644
index 000000000..016831140
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002383.html
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] [Mageia-sysadm] Accident
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BMageia-sysadm%5D%20Accident&In-Reply-To=%3CAANLkTimZZD-4rneR%3DfsR%3DYBFA33AfbqTV5%3DQPHAsLftv%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002384.html">
+ <LINK REL="Next" HREF="002422.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] [Mageia-sysadm] Accident</H1>
+ <B>Thierry Vignaud</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BMageia-sysadm%5D%20Accident&In-Reply-To=%3CAANLkTimZZD-4rneR%3DfsR%3DYBFA33AfbqTV5%3DQPHAsLftv%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] [Mageia-sysadm] Accident">thierry.vignaud at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 09:49:52 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002384.html">[Mageia-dev] BS down
+</A></li>
+ <LI>Next message: <A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2383">[ date ]</a>
+ <a href="thread.html#2383">[ thread ]</a>
+ <a href="subject.html#2383">[ subject ]</a>
+ <a href="author.html#2383">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On 29 January 2011 20:58, Pascal Terjan &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">pterjan at gmail.com</A>&gt; wrote:
+&gt;<i> Sorry everyone, while removing my tests run on valstar, as that's not
+</I>&gt;<i> the best place for tests, I removed bootsrap repository :(
+</I>&gt;<i> I have stopped the build system and Nanar is sending back his copy of
+</I>&gt;<i> the repository.
+</I>
+So you really want to be slaped with chains on every BS you touch :-) ?
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002384.html">[Mageia-dev] BS down
+</A></li>
+ <LI>Next message: <A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2383">[ date ]</a>
+ <a href="thread.html#2383">[ thread ]</a>
+ <a href="subject.html#2383">[ subject ]</a>
+ <a href="author.html#2383">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002384.html b/zarb-ml/mageia-dev/20110131/002384.html
new file mode 100644
index 000000000..ff88a9818
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002384.html
@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] BS down
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20BS%20down&In-Reply-To=%3CAANLkTi%3DyFnrosS%2B5xGzD%3Do2wGe4%3D432BJ2jbEMXufcuq%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002382.html">
+ <LINK REL="Next" HREF="002383.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] BS down</H1>
+ <B>Pascal Terjan</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20BS%20down&In-Reply-To=%3CAANLkTi%3DyFnrosS%2B5xGzD%3Do2wGe4%3D432BJ2jbEMXufcuq%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] BS down">pterjan at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 10:53:39 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002382.html">[Mageia-dev] BS down
+</A></li>
+ <LI>Next message: <A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2384">[ date ]</a>
+ <a href="thread.html#2384">[ thread ]</a>
+ <a href="subject.html#2384">[ subject ]</a>
+ <a href="author.html#2384">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, Jan 31, 2011 at 08:21, Thomas Backlund &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">tmb at iki.fi</A>&gt; wrote:
+&gt;<i> Pascal Terjan skrev 31.1.2011 00:54:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> All packages have been rebuild, BS should be back in its original state
+</I>&gt;&gt;<i>
+</I>&gt;<i>
+</I>&gt;<i> Have you also re-enabled youri reuploading check ?
+</I>
+Yes that's what I mean by &quot;BS should be back in its original state&quot;
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002382.html">[Mageia-dev] BS down
+</A></li>
+ <LI>Next message: <A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2384">[ date ]</a>
+ <a href="thread.html#2384">[ thread ]</a>
+ <a href="subject.html#2384">[ subject ]</a>
+ <a href="author.html#2384">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002385.html b/zarb-ml/mageia-dev/20110131/002385.html
new file mode 100644
index 000000000..dca8a8c52
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002385.html
@@ -0,0 +1,99 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131110233.GA12283%40shikamaru.fr%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002381.html">
+ <LINK REL="Next" HREF="002389.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Remy CLOUARD</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131110233.GA12283%40shikamaru.fr%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">shikamaru at mandriva.org
+ </A><BR>
+ <I>Mon Jan 31 12:02:33 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2385">[ date ]</a>
+ <a href="thread.html#2385">[ thread ]</a>
+ <a href="subject.html#2385">[ subject ]</a>
+ <a href="author.html#2385">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Sun, Jan 30, 2011 at 08:16:36PM -0800, Motoko-chan wrote:
+&gt;<i> On 01/30/2011 07:16 PM, nicolas vigier wrote:
+</I>[...]
+&gt;<i> &gt; - We add the <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org</A> public key inside the urpmi package.
+</I>&gt;<i> &gt; We change urpmi so that it refuses to use any key which has not been
+</I>&gt;<i> &gt; signed by <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> And urpmi should frequently update the
+</I>&gt;<i> &gt; keys it is using from public keyservers to check that its signature
+</I>&gt;<i> &gt; from board@ has not been revoked (or that the key self signature has
+</I>&gt;<i> &gt; not been revoked).
+</I>&gt;<i> What about third-party repositories, like PLF is to Mandriva? Making
+</I>&gt;<i> that change would require that each of those repository owners have
+</I>&gt;<i> their key signed to work with the urpmi framework. This could either
+</I>&gt;<i> mean the death of urpmi for managing packages, diluting the trust of
+</I>&gt;<i> the board@ key, or discouraging outside contributions.
+</I>&gt;<i>
+</I>Well, not necessarily, third party repos could just provide their keys
+and describe how users should import it. AFAIK, that&#8217;s what&#8217;s done on
+Fedora side with the rpmfusion repo.
+&gt;<i> What if urpmi automatically trusts packages signed with a key signed
+</I>&gt;<i> by board@ and prompt on the first install of a package that is
+</I>&gt;<i> signed by a different key? The yum tool used by Fedora, RHEL, and
+</I>&gt;<i> CentOS works very well by prompting on new keys.
+</I>&gt;<i>
+</I>I&#8217;ve never used guis on Fedora, but for me you could as well install the
+rpm containing the third party keys with yum and the --nogpgcheck
+switch.
+
+I guess this option should be implemented in urpmi for that to work on
+our side.
+
+Regards,
+--
+R&#233;my CLOUARD
+() ascii ribbon campaign - against html e-mail
+/\ www.asciiribbon.org - against proprietary attachments
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: not available
+Type: application/pgp-signature
+Size: 230 bytes
+Desc: not available
+URL: &lt;/pipermail/mageia-dev/attachments/20110131/b3308c6b/attachment.asc&gt;
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2385">[ date ]</a>
+ <a href="thread.html#2385">[ thread ]</a>
+ <a href="subject.html#2385">[ subject ]</a>
+ <a href="author.html#2385">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
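Review bot: the scrubbed-attachment footer in 002385.html points at a root-relative path, "URL: </pipermail/mageia-dev/attachments/20110131/b3308c6b/attachment.asc>", which will not resolve under zarb-ml/mageia-dev/ where this page is being added. The diffstat shown is limited to zarb-ml/mageia-dev/20110131, so it is not visible here whether the attachments directory is imported at all. Since the scrubbed part is an application/pgp-signature, a reader of this archive cannot check the sender's signature unless that file is present; either import the attachments tree and rewrite the path relative to the new location, or document that detached signatures are not preserved in this copy.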
diff --git a/zarb-ml/mageia-dev/20110131/002386.html b/zarb-ml/mageia-dev/20110131/002386.html
new file mode 100644
index 000000000..8417bccf2
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002386.html
@@ -0,0 +1,85 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTik8tetqX1DCSp2LAU_qOZEoXVDOZkjCF9Yy0Pae%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002403.html">
+ <LINK REL="Next" HREF="002387.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Christophe Fergeau</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTik8tetqX1DCSp2LAU_qOZEoXVDOZkjCF9Yy0Pae%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">cfergeau at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 12:13:04 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2386">[ date ]</a>
+ <a href="thread.html#2386">[ thread ]</a>
+ <a href="subject.html#2386">[ subject ]</a>
+ <a href="author.html#2386">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Hey,
+
+2011/1/31 nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt;:
+&gt;<i> &#160;- In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> &#160; too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> &#160; key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> &#160; longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> &#160; the board@ key and we can start to use this new key.
+</I>
+Will all existing packages be reviewed and resigned when they key is
+thought to have been compromised? What happens on user systems when
+this is done? Will they have to reinstall all packages signed with the
+new key?
+
+Christophe
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2386">[ date ]</a>
+ <a href="thread.html#2386">[ thread ]</a>
+ <a href="subject.html#2386">[ subject ]</a>
+ <a href="author.html#2386">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002387.html b/zarb-ml/mageia-dev/20110131/002387.html
new file mode 100644
index 000000000..12f573a9f
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002387.html
@@ -0,0 +1,111 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131114317.GC10402%40virgo.home.nanardon.zarb.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002386.html">
+ <LINK REL="Next" HREF="002388.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Olivier Thauvin</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131114317.GC10402%40virgo.home.nanardon.zarb.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">nanardon at nanardon.zarb.org
+ </A><BR>
+ <I>Mon Jan 31 12:43:17 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2387">[ date ]</a>
+ <a href="thread.html#2387">[ thread ]</a>
+ <a href="subject.html#2387">[ subject ]</a>
+ <a href="author.html#2387">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>* Christophe Fergeau (<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">cfergeau at gmail.com</A>) wrote:
+&gt;<i> Hey,
+</I>&gt;<i>
+</I>&gt;<i> 2011/1/31 nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt;:
+</I>&gt;<i> &gt; &#160;- In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> &gt; &#160; too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> &gt; &#160; key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> &gt; &#160; longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> &gt; &#160; the board@ key and we can start to use this new key.
+</I>&gt;<i>
+</I>&gt;<i> Will all existing packages be reviewed and resigned when they key is
+</I>&gt;<i> thought to have been compromised? What happens on user systems when
+</I>&gt;<i> this is done? Will they have to reinstall all packages signed with the
+</I>&gt;<i> new key?
+</I>
+Re-signing packages will not change their name-evr-arch, so on urpmi/rpm
+side packages does not have to be updated. But from a user point of view
+they installed packages (then checked it) before the compromission, ie
+when packages were trustable.
+
+So in case of compromission packages must be resigned but I don't think
+users have to reinstall it as their content won't changes.
+
+In the case a packages is compromised (a package with malware is
+introduced on the mirror) then we'll have to provide an update with a
+clean package and in this specific case users will have to update it.
+
+&gt;<i>
+</I>&gt;<i> Christophe
+</I>--
+
+Olivier Thauvin
+CNRS - LATMOS
+&#9814; &#9816; &#9815; &#9813; &#9812; &#9815; &#9816; &#9814;
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: not available
+Type: application/pgp-signature
+Size: 197 bytes
+Desc: not available
+URL: &lt;/pipermail/mageia-dev/attachments/20110131/4b41d3ff/attachment.asc&gt;
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2387">[ date ]</a>
+ <a href="thread.html#2387">[ thread ]</a>
+ <a href="subject.html#2387">[ subject ]</a>
+ <a href="author.html#2387">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
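Review bot: the scrubbed-attachment stanza at the end of the `<PRE>` body in 002387.html gives the PGP signature location as the site-absolute path `/pipermail/mageia-dev/attachments/20110131/4b41d3ff/attachment.asc`, while this file is added under `zarb-ml/mageia-dev/20110131/`. Please confirm that the attachments tree is part of the import and that this path resolves from the new location. Otherwise the detached signature for this message cannot be fetched from the archive and the author's signature cannot be checked.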
diff --git a/zarb-ml/mageia-dev/20110131/002388.html b/zarb-ml/mageia-dev/20110131/002388.html
new file mode 100644
index 000000000..45c8e9f3b
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002388.html
@@ -0,0 +1,175 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296485834.12892.27.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002387.html">
+ <LINK REL="Next" HREF="002394.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296485834.12892.27.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">misc at zarb.org
+ </A><BR>
+ <I>Mon Jan 31 15:57:14 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2388">[ date ]</a>
+ <a href="thread.html#2388">[ thread ]</a>
+ <a href="subject.html#2388">[ subject ]</a>
+ <a href="author.html#2388">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le lundi 31 janvier 2011 &#224; 04:16 +0100, nicolas vigier a &#233;crit :
+&gt;<i> Hello,
+</I>&gt;<i>
+</I>&gt;<i> Now that we have a working build system, we need to setup the last part,
+</I>&gt;<i> which is package signing. And for this we need a GPG key. So it's time
+</I>&gt;<i> to decide on some policy about PGP keys.
+</I>&gt;<i>
+</I>
+&gt;<i> - keys stored on the build system were not secure (all contributors and
+</I>&gt;<i> apprentice had shell access on the build system and could easily become
+</I>&gt;<i> root using iurt or other techniques, and then access the secret keys).
+</I>
+Mhh, the keys are stored on raoh, and no one except few selected people
+had access ( granted, there was some flaws since I know someone who
+managed to get access one day despite not being authorized ).
+
+
+&gt;<i> So I propose that we use two keys :
+</I>&gt;<i> - We sign all packages from all repositories using only one key. This
+</I>&gt;<i> key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
+</I>&gt;<i> - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
+</I>&gt;<i> not used on any online server, and is supposed to never be changed,
+</I>&gt;<i> and should not be compromised. Only a few people have a copy of this
+</I>&gt;<i> key (some people from board ?), kept on a usb key hidden somewhere, but
+</I>&gt;<i> not on their laptop or any computer with internet connection. This key
+</I>&gt;<i> is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
+</I>&gt;<i> and other official keys of the project, but never used for anything
+</I>&gt;<i> else (not for receiving encrypted messages). And the signature is
+</I>&gt;<i> sent on public keyservers.
+</I>
+If we want to sign the key, we will have a network connection, no ?
+
+
+&gt;<i> - We add the <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org</A> public key inside the urpmi package.
+</I>&gt;<i> We change urpmi so that it refuses to use any key which has not been
+</I>&gt;<i> signed by <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> And urpmi should frequently update the
+</I>&gt;<i> keys it is using from public keyservers to check that its signature
+</I>&gt;<i> from board@ has not been revoked (or that the key self signature has
+</I>&gt;<i> not been revoked).
+</I>
+&gt;<i> - In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> the board@ key and we can start to use this new key.
+</I>
+Since computer get faster days and days ( until the days you buy them ),
+and there is new cryptographic techniques found each year. So it seems
+to me quite sane to change the keys every 2/3 years. More often mean
+that we will forget how we did, and too often could be bad ( even if
+IMHO, one key per release would be nice but maybe overkill ).
+
+This way, we can check the procedure is working, we will have a robust
+key, following up to date requirements of security. And we can fix
+problem if any without having the pressure of &quot;the key got compromised&quot;.
+
+
+
+&gt;<i> In this thread :
+</I>&gt;<i> <A HREF="https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html">https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html</A>
+</I>&gt;<i> misc proposed that we publish tarballs of our software on the mirrors,
+</I>&gt;<i> and sign them using a pgp key. So we need a key for that. We also want
+</I>&gt;<i> to sign ISOs, maybe with a different key. So I think we can do the same
+</I>&gt;<i> as for packages key, we create new keys for software releases and for
+</I>&gt;<i> ISOs, and we sign those keys with the board@ key. And we can tell
+</I>&gt;<i> everybody that all files released by the project are always signed by
+</I>&gt;<i> a key that was signed by the board@ key.
+</I>
+Yup. I would also go on making sure the key is signed ( web of trust,
+etc ).
+
+&gt;<i> If we decide to do this, someone from board could generate the key next
+</I>&gt;<i> week at fosdem after the election, save it on usb key for other board
+</I>&gt;<i> members, and give the fingerprint to everybody to sign the key.
+</I>
+I would rather make sure that the key cannot be used by only one board
+member. Not that I do not trust people for that ( they are the board
+after all ), but it would be safer to have it distributed and resilient
+if someone steal the key ( like a burglar, etc ).
+
+Maybe have it password protected should be sufficient ( except if people
+forget that password, or stick it to the key ).
+
+Pascal proposed to use <A HREF="https://store.ironkey.com/personal">https://store.ironkey.com/personal</A> , on the
+thread
+<A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html">https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html</A>
+
+Another last solution to prevent theft would to use shamir secret
+sharing ( as also said in the other thread, but maybe I am too insistant
+on this wonderful cryptographic invention ). This way, people would have
+to steal several part of the file to get something usable.
+( for Harry Potter fan, think of horcruxes )
+
+
+And also, I think we should routinely make sure the key is readable
+( ie, that people know where it is, and the support is still good ), so
+we do not discover one day that half the key keeper lost the key while
+moving, thinking someone else had it, and the other half stored it near
+magnet, rendering it unreadable.
+
+And make sure the key is not sent as cleartext on the web too.
+
+--
+Michael Scherer
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2388">[ date ]</a>
+ <a href="thread.html#2388">[ thread ]</a>
+ <a href="subject.html#2388">[ subject ]</a>
+ <a href="author.html#2388">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
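Review bot: the two cross-references in the body of 002388.html, `https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html` and the mageia-sysadm link, are absolute URLs into `/pipermail/`, while the imported files live under `zarb-ml/`. The navigation links already use relative targets such as `002387.html`. If the live pipermail paths are not guaranteed to stay, consider rewriting in-archive references to relative links, or note in the commit message that body links are kept verbatim.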
diff --git a/zarb-ml/mageia-dev/20110131/002389.html b/zarb-ml/mageia-dev/20110131/002389.html
new file mode 100644
index 000000000..2f189a0d5
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002389.html
@@ -0,0 +1,134 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131150355.GH21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002385.html">
+ <LINK REL="Next" HREF="002390.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131150355.GH21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 16:03:55 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2389">[ date ]</a>
+ <a href="thread.html#2389">[ thread ]</a>
+ <a href="subject.html#2389">[ subject ]</a>
+ <a href="author.html#2389">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Sun, 30 Jan 2011, Motoko-chan wrote:
+
+&gt;<i> On 01/30/2011 07:16 PM, nicolas vigier wrote:
+</I>&gt;&gt;<i> So I propose that we use two keys :
+</I>&gt;&gt;<i> - We sign all packages from all repositories using only one key. This
+</I>&gt;&gt;<i> key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
+</I>&gt;<i> Sounds good to me.
+</I>&gt;<i>
+</I>&gt;&gt;<i> - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
+</I>&gt;&gt;<i> not used on any online server, and is supposed to never be changed,
+</I>&gt;&gt;<i> and should not be compromised. Only a few people have a copy of this
+</I>&gt;&gt;<i> key (some people from board ?), kept on a usb key hidden somewhere, but
+</I>&gt;&gt;<i> not on their laptop or any computer with internet connection. This key
+</I>&gt;&gt;<i> is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
+</I>&gt;&gt;<i> and other official keys of the project, but never used for anything
+</I>&gt;&gt;<i> else (not for receiving encrypted messages). And the signature is
+</I>&gt;&gt;<i> sent on public keyservers.
+</I>&gt;<i> If possible, using a split key so that no single person can revoke a
+</I>&gt;<i> signature or sign a key would be useful. This would prevent attacks where
+</I>&gt;<i> an individual might be tricked into signing an attacker's key. It would
+</I>&gt;<i> require multiple people to be tricked or have their systems compromised to
+</I>&gt;<i> have that key compromised.
+</I>
+Yes, we could do something like that. Maybe each board member could have
+a copy of the key, but encrypted with the key of all other board members,
+so that it requires two people to access the key ? Or the people who
+have the key don't know the passphrase, and the people who know the
+passphrase don't have the key ?
+However we should also try to do something simple, to avoid losing
+access to the key because it's too complicate.
+
+&gt;&gt;<i> - We add the <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org</A> public key inside the urpmi package.
+</I>&gt;&gt;<i> We change urpmi so that it refuses to use any key which has not been
+</I>&gt;&gt;<i> signed by <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> And urpmi should frequently update the
+</I>&gt;&gt;<i> keys it is using from public keyservers to check that its signature
+</I>&gt;&gt;<i> from board@ has not been revoked (or that the key self signature has
+</I>&gt;&gt;<i> not been revoked).
+</I>&gt;<i> What about third-party repositories, like PLF is to Mandriva? Making that
+</I>&gt;<i> change would require that each of those repository owners have their key
+</I>&gt;<i> signed to work with the urpmi framework. This could either mean the death
+</I>&gt;<i> of urpmi for managing packages, diluting the trust of the board@ key, or
+</I>&gt;<i> discouraging outside contributions.
+</I>&gt;<i>
+</I>&gt;<i> What if urpmi automatically trusts packages signed with a key signed by
+</I>&gt;<i> board@ and prompt on the first install of a package that is signed by a
+</I>&gt;<i> different key? The yum tool used by Fedora, RHEL, and CentOS works very
+</I>&gt;<i> well by prompting on new keys.
+</I>
+For PLF packages, they will now be included on Mageia repository, so
+most users should not need to use external repositories. However we
+can add an option or prompt to disable this check, or an option to
+manually add a new trusted key. As long as it's not automatically
+downloaded from the mirror without asking for any confirmation.
+
+&gt;&gt;<i> - In case we think the packages@ key may have been compromised, or is
+</I>&gt;&gt;<i> too old, or we want to change it for any other reason, we revoke the
+</I>&gt;&gt;<i> key, and/or revoke the signature from board@ so that it is no
+</I>&gt;&gt;<i> longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;&gt;<i> the board@ key and we can start to use this new key.
+</I>&gt;<i> Sounds good. I'd almost suggest a new packages signing key for each new
+</I>&gt;<i> release that is valid for the supported life of the release plus one year.
+</I>&gt;<i> It's a bit more work, but would reduce the damage a key leak would cause.
+</I>&gt;<i> Unfortunately, this would bring back the problems of re-signing packages
+</I>&gt;<i> when they are turned into a release.
+</I>
+I think we should avoid keys with expiration date because :
+ - maybe we will want to extend supported life of the release
+ - some people may want to continue using the release after end of life
+ - I don't think using expiration date reduce the damage of a leaked
+ key. If the key is leaked, we revoke it (or its signature) immediatly
+ on all key servers, which should be faster than waiting for the key to
+ expire. And replacing an expired key is not more simple than replacing
+ a revoked key.
+
+About signing each release with a different key, as they are signed from
+the same server, if a key is leaked, the others are likely to be leaked
+too, so I don't think it's very useful to use different keys.
+
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2389">[ date ]</a>
+ <a href="thread.html#2389">[ thread ]</a>
+ <a href="subject.html#2389">[ subject ]</a>
+ <a href="author.html#2389">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
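Review bot: in 002389.html the `LINK REL="made"` and the author `<A HREF="mailto:...">` attributes join the query parameters with a bare `&` (`...signing&In-Reply-To=...`). Inside an HTML attribute value this should be written `&amp;`. Browsers tolerate it here, but strict parsers and validators flag it. Every message file in this commit has the same pattern, so a single fix in the generator or a post-processing pass would cover all of them.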
diff --git a/zarb-ml/mageia-dev/20110131/002390.html b/zarb-ml/mageia-dev/20110131/002390.html
new file mode 100644
index 000000000..71241534c
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002390.html
@@ -0,0 +1,70 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTikVwCHA%3DLaKJC6_hUcQSKofeS5oxZBcdW2rFo84%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002389.html">
+ <LINK REL="Next" HREF="002391.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Thierry Vignaud</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTikVwCHA%3DLaKJC6_hUcQSKofeS5oxZBcdW2rFo84%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">thierry.vignaud at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 16:38:27 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2390">[ date ]</a>
+ <a href="thread.html#2390">[ thread ]</a>
+ <a href="subject.html#2390">[ subject ]</a>
+ <a href="author.html#2390">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On 31 January 2011 16:03, nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt; wrote:
+&gt;&gt;<i> What if urpmi automatically trusts packages signed with a key signed by
+</I>&gt;&gt;<i> board@ and prompt on the first install of a package that is signed by a
+</I>&gt;&gt;<i> different key? The yum tool used by Fedora, RHEL, and CentOS works very
+</I>&gt;&gt;<i> well by prompting on new keys.
+</I>&gt;<i>
+</I>&gt;<i> For PLF packages, they will now be included on Mageia repository, so
+</I>&gt;<i> most users should not need to use external repositories. However we
+</I>&gt;<i> can add an option or prompt to disable this check, or an option to
+</I>&gt;<i> manually add a new trusted key. As long as it's not automatically
+</I>&gt;<i> downloaded from the mirror without asking for any confirmation.
+</I>
+uh? what about patents?
+unless it's a separate repo ?
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2390">[ date ]</a>
+ <a href="thread.html#2390">[ thread ]</a>
+ <a href="subject.html#2390">[ subject ]</a>
+ <a href="author.html#2390">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002391.html b/zarb-ml/mageia-dev/20110131/002391.html
new file mode 100644
index 000000000..196dd0a65
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002391.html
@@ -0,0 +1,76 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131154259.GI21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002390.html">
+ <LINK REL="Next" HREF="002392.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131154259.GI21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 16:42:59 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2391">[ date ]</a>
+ <a href="thread.html#2391">[ thread ]</a>
+ <a href="subject.html#2391">[ subject ]</a>
+ <a href="author.html#2391">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011, Thierry Vignaud wrote:
+
+&gt;<i> On 31 January 2011 16:03, nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt; wrote:
+</I>&gt;<i> &gt;&gt; What if urpmi automatically trusts packages signed with a key signed by
+</I>&gt;<i> &gt;&gt; board@ and prompt on the first install of a package that is signed by a
+</I>&gt;<i> &gt;&gt; different key? The yum tool used by Fedora, RHEL, and CentOS works very
+</I>&gt;<i> &gt;&gt; well by prompting on new keys.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; For PLF packages, they will now be included on Mageia repository, so
+</I>&gt;<i> &gt; most users should not need to use external repositories. However we
+</I>&gt;<i> &gt; can add an option or prompt to disable this check, or an option to
+</I>&gt;<i> &gt; manually add a new trusted key. As long as it's not automatically
+</I>&gt;<i> &gt; downloaded from the mirror without asking for any confirmation.
+</I>&gt;<i>
+</I>&gt;<i> uh? what about patents?
+</I>&gt;<i> unless it's a separate repo ?
+</I>
+Yes, it's a separate repository, the tainted repository :
+<A HREF="http://www.mageia.org/wiki/doku.php?id=mirrors_policy">http://www.mageia.org/wiki/doku.php?id=mirrors_policy</A>
+
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2391">[ date ]</a>
+ <a href="thread.html#2391">[ thread ]</a>
+ <a href="subject.html#2391">[ subject ]</a>
+ <a href="author.html#2391">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
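Review bot: the wiki link in the body of 002391.html, `http://www.mageia.org/wiki/doku.php?id=mirrors_policy`, is plain `http` in both the `HREF` and the link text, while the other mageia.org links in this file use `https`. If the import is meant to normalize mageia.org links, this one was missed. If body URLs are deliberately left as sent, it would help to state that in the commit message.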
diff --git a/zarb-ml/mageia-dev/20110131/002392.html b/zarb-ml/mageia-dev/20110131/002392.html
new file mode 100644
index 000000000..81664ebf9
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002392.html
@@ -0,0 +1,79 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTin2YjfFXnb0MwA9w%3Da4VJfWXTdrZ3On93NBT_ap%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002391.html">
+ <LINK REL="Next" HREF="002395.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Christophe Fergeau</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTin2YjfFXnb0MwA9w%3Da4VJfWXTdrZ3On93NBT_ap%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">cfergeau at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 17:08:01 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2392">[ date ]</a>
+ <a href="thread.html#2392">[ thread ]</a>
+ <a href="subject.html#2392">[ subject ]</a>
+ <a href="author.html#2392">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>2011/1/31 nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt;:
+&gt;<i> On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>&gt;&gt;<i> What if urpmi automatically trusts packages signed with a key signed by
+</I>&gt;&gt;<i> board@ and prompt on the first install of a package that is signed by a
+</I>&gt;&gt;<i> different key? The yum tool used by Fedora, RHEL, and CentOS works very
+</I>&gt;&gt;<i> well by prompting on new keys.
+</I>&gt;<i>
+</I>&gt;<i> For PLF packages, they will now be included on Mageia repository, so
+</I>&gt;<i> most users should not need to use external repositories. However we
+</I>&gt;<i> can add an option or prompt to disable this check, or an option to
+</I>&gt;<i> manually add a new trusted key. As long as it's not automatically
+</I>&gt;<i> downloaded from the mirror without asking for any confirmation.
+</I>
+You definitely want to let people set up their own local package
+repositories or to use 3rd party repositories, for example I did it
+sometimes at Mandriva for some tests, and I want to do it again for
+internal work/proprietary packages. I'm ok with having rpm/urpmi
+telling you you're about to install packages with an unknown
+signature/... as long as you can override it and tell it to let you
+install the package.
+
+Christophe
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2392">[ date ]</a>
+ <a href="thread.html#2392">[ thread ]</a>
+ <a href="subject.html#2392">[ subject ]</a>
+ <a href="author.html#2392">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002393.html b/zarb-ml/mageia-dev/20110131/002393.html
new file mode 100644
index 000000000..731545d38
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002393.html
@@ -0,0 +1,125 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296490705.12892.41.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002400.html">
+ <LINK REL="Next" HREF="002396.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296490705.12892.41.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">misc at zarb.org
+ </A><BR>
+ <I>Mon Jan 31 17:18:25 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2393">[ date ]</a>
+ <a href="thread.html#2393">[ thread ]</a>
+ <a href="subject.html#2393">[ subject ]</a>
+ <a href="author.html#2393">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le lundi 31 janvier 2011 &#224; 16:03 +0100, nicolas vigier a &#233;crit :
+&gt;<i> On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>&gt;<i>
+</I>&gt;<i> &gt; If possible, using a split key so that no single person can revoke a
+</I>&gt;<i> &gt; signature or sign a key would be useful. This would prevent attacks where
+</I>&gt;<i> &gt; an individual might be tricked into signing an attacker's key. It would
+</I>&gt;<i> &gt; require multiple people to be tricked or have their systems compromised to
+</I>&gt;<i> &gt; have that key compromised.
+</I>&gt;<i>
+</I>&gt;<i> Yes, we could do something like that. Maybe each board member could have
+</I>&gt;<i> a copy of the key, but encrypted with the key of all other board members,
+</I>&gt;<i> so that it requires two people to access the key ? Or the people who
+</I>&gt;<i> have the key don't know the passphrase, and the people who know the
+</I>&gt;<i> passphrase don't have the key ?
+</I>
+Like : <A HREF="http://point-at-infinity.org/ssss">http://point-at-infinity.org/ssss</A> ?
+
+Too bad it doesn't seems to be much maintained :/
+
+
+&gt;<i> &gt;&gt; - In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> &gt;&gt; too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> &gt;&gt; key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> &gt;&gt; longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> &gt;&gt; the board@ key and we can start to use this new key.
+</I>&gt;<i> &gt; Sounds good. I'd almost suggest a new packages signing key for each new
+</I>&gt;<i> &gt; release that is valid for the supported life of the release plus one year.
+</I>&gt;<i> &gt; It's a bit more work, but would reduce the damage a key leak would cause.
+</I>&gt;<i> &gt; Unfortunately, this would bring back the problems of re-signing packages
+</I>&gt;<i> &gt; when they are turned into a release.
+</I>&gt;<i>
+</I>&gt;<i> I think we should avoid keys with expiration date because :
+</I>&gt;<i> - maybe we will want to extend supported life of the release
+</I>&gt;<i> - some people may want to continue using the release after end of life
+</I>
+We can 1) have a long enough expiration date ( but EOL + 1y seems quite
+enough IMHO )
+2) push unexpired keys before it is too late if needed ( I routinely
+push my key after extending the expiration date ).
+
+And people should be able to force a bypass of the system of course, but
+they will be on their own ( ie, that's quite the definition of EOL ).
+And this should be documented, and easy to do ( but warn people without
+harrassing too much can be quite difficult ).
+
+We can also say that we erase the keys once it is not planned to be used
+anymore, so we would no longer care about protecting them ( ie, we say
+the key is expired for good, and that's all ).
+
+&gt;<i> - I don't think using expiration date reduce the damage of a leaked
+</I>&gt;<i> key. If the key is leaked, we revoke it (or its signature) immediatly
+</I>&gt;<i> on all key servers, which should be faster than waiting for the key to
+</I>&gt;<i> expire. And replacing an expired key is not more simple than replacing
+</I>&gt;<i> a revoked key.
+</I>
+The problem is not leaking the key, it is about cryptographic attacks
+about older keys.
+
+If in 10 years, there is some technology that allows people to get our
+private key by bruteforce on the public one, if it is expired, attackers
+will not be able to use it even if they have it. Since the plan is to
+say &quot;every key signed is valid&quot;, then we are potentially screwed if a
+old key is compromised offline.
+
+--
+Michael Scherer
+
+</PRE>
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2393">[ date ]</a>
+ <a href="thread.html#2393">[ thread ]</a>
+ <a href="subject.html#2393">[ subject ]</a>
+ <a href="author.html#2393">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
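Review bot: the `mailto:` URLs in `LINK REL="made"` and in the author `A HREF` near the top of 002393.html contain a raw `&` before `In-Reply-To` (`...package%20signing&In-Reply-To=%3C1296490705...`). An ampersand inside an attribute value should be written `&amp;`; the message body on the same page already escapes `&gt;` and `&quot;`, so the header is the odd one out. Since this is archiver output, fix it in the generation step rather than by hand, otherwise the same manual correction has to be repeated in every message page.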
diff --git a/zarb-ml/mageia-dev/20110131/002394.html b/zarb-ml/mageia-dev/20110131/002394.html
new file mode 100644
index 000000000..dfabedb87
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002394.html
@@ -0,0 +1,134 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002388.html">
+ <LINK REL="Next" HREF="002382.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131165111.GJ21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 17:51:11 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002382.html">[Mageia-dev] BS down
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2394">[ date ]</a>
+ <a href="thread.html#2394">[ thread ]</a>
+ <a href="subject.html#2394">[ subject ]</a>
+ <a href="author.html#2394">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011, Michael Scherer wrote:
+
+&gt;<i> &gt; So I propose that we use two keys :
+</I>&gt;<i> &gt; - We sign all packages from all repositories using only one key. This
+</I>&gt;<i> &gt; key is stored on the buildsystem. We can call it <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>
+</I>&gt;<i> &gt; - We have an other key, that we call <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">board at mageia.org.</A> This key is
+</I>&gt;<i> &gt; not used on any online server, and is supposed to never be changed,
+</I>&gt;<i> &gt; and should not be compromised. Only a few people have a copy of this
+</I>&gt;<i> &gt; key (some people from board ?), kept on a usb key hidden somewhere, but
+</I>&gt;<i> &gt; not on their laptop or any computer with internet connection. This key
+</I>&gt;<i> &gt; is used to sign the key <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org</A> (and revoke it if needed),
+</I>&gt;<i> &gt; and other official keys of the project, but never used for anything
+</I>&gt;<i> &gt; else (not for receiving encrypted messages). And the signature is
+</I>&gt;<i> &gt; sent on public keyservers.
+</I>&gt;<i>
+</I>&gt;<i> If we want to sign the key, we will have a network connection, no ?
+</I>
+We can sign it, and copy the signed key on an other computer to upload
+it. Doing something like this :
+ - We have Computer A with internet connection.
+ - We have Computer B without internet connection, running on a livecd
+ with tmpfs
+ - On computer A: we download the packages@ public key, and the public
+ key of all board members (if needed), and save this on a USB key
+ - On computer B: we use the USB key to import all public keys in keyring
+ - On computer B: We generate the board@ key
+ - On computer B: We sign the packages@ key using board@ key
+ - On computer B: We save the signed packages@ key, and public board@
+ key on the USB key
+ - On computer A: We use the USB key to upload the signed packages@ key,
+ and board@ key on keyservers
+ - On computer B: We encrypt the board@ private key using public key of
+ board members or shamir secret sharing, and copy the encrypted files on
+ USB keys to give them to board members
+ - We destroy computer B (or alternatively we simply turn it off to
+ remove tmpfs)
+
+&gt;<i> &gt; If we decide to do this, someone from board could generate the key next
+</I>&gt;<i> &gt; week at fosdem after the election, save it on usb key for other board
+</I>&gt;<i> &gt; members, and give the fingerprint to everybody to sign the key.
+</I>&gt;<i>
+</I>&gt;<i> I would rather make sure that the key cannot be used by only one board
+</I>&gt;<i> member. Not that I do not trust people for that ( they are the board
+</I>&gt;<i> after all ), but it would be safer to have it distributed and resilient
+</I>&gt;<i> if someone steal the key ( like a burglar, etc ).
+</I>&gt;<i>
+</I>&gt;<i> Maybe have it password protected should be sufficient ( except if people
+</I>&gt;<i> forget that password, or stick it to the key ).
+</I>&gt;<i>
+</I>&gt;<i> Pascal proposed to use <A HREF="https://store.ironkey.com/personal">https://store.ironkey.com/personal</A> , on the
+</I>&gt;<i> thread
+</I>&gt;<i> <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html">https://www.mageia.org/pipermail/mageia-sysadm/2011-January/002155.html</A>
+</I>&gt;<i>
+</I>&gt;<i> Another last solution to prevent theft would to use shamir secret
+</I>&gt;<i> sharing ( as also said in the other thread, but maybe I am too insistant
+</I>&gt;<i> on this wonderful cryptographic invention ). This way, people would have
+</I>&gt;<i> to steal several part of the file to get something usable.
+</I>&gt;<i> ( for Harry Potter fan, think of horcruxes )
+</I>
+Oops, I should have mentioned this thread in the 1st mail (but didn't
+find it yesterday).
+
+&gt;<i> And also, I think we should routinely make sure the key is readable
+</I>&gt;<i> ( ie, that people know where it is, and the support is still good ), so
+</I>&gt;<i> we do not discover one day that half the key keeper lost the key while
+</I>&gt;<i> moving, thinking someone else had it, and the other half stored it near
+</I>&gt;<i> magnet, rendering it unreadable.
+</I>
+Maybe we could test it every year at fosdem ?
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002382.html">[Mageia-dev] BS down
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2394">[ date ]</a>
+ <a href="thread.html#2394">[ thread ]</a>
+ <a href="subject.html#2394">[ subject ]</a>
+ <a href="author.html#2394">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
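Review bot: in the quoted proposal in 002394.html the key identities are rendered as links to the list info page, with the sentence's full stop pulled into the anchor text (`<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">packages at mageia.org.</A>`), while the procedure lower in the same message keeps `packages@` and `board@` as plain text. In this thread those names label signing keys rather than contact addresses, so the link is misleading and the two spellings are inconsistent; I would keep them as plain text and exclude trailing punctuation from the address match. Separately, the ten empty `+` lines between `</PRE>` and `<!--endarticle-->` can be dropped.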
diff --git a/zarb-ml/mageia-dev/20110131/002395.html b/zarb-ml/mageia-dev/20110131/002395.html
new file mode 100644
index 000000000..386ec11f5
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002395.html
@@ -0,0 +1,81 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131170116.GK21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002392.html">
+ <LINK REL="Next" HREF="002400.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131170116.GK21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 18:01:16 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2395">[ date ]</a>
+ <a href="thread.html#2395">[ thread ]</a>
+ <a href="subject.html#2395">[ subject ]</a>
+ <a href="author.html#2395">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011, Christophe Fergeau wrote:
+
+&gt;<i> 2011/1/31 nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt;:
+</I>&gt;<i> &gt; On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>&gt;<i> &gt;&gt; What if urpmi automatically trusts packages signed with a key signed by
+</I>&gt;<i> &gt;&gt; board@ and prompt on the first install of a package that is signed by a
+</I>&gt;<i> &gt;&gt; different key? The yum tool used by Fedora, RHEL, and CentOS works very
+</I>&gt;<i> &gt;&gt; well by prompting on new keys.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; For PLF packages, they will now be included on Mageia repository, so
+</I>&gt;<i> &gt; most users should not need to use external repositories. However we
+</I>&gt;<i> &gt; can add an option or prompt to disable this check, or an option to
+</I>&gt;<i> &gt; manually add a new trusted key. As long as it's not automatically
+</I>&gt;<i> &gt; downloaded from the mirror without asking for any confirmation.
+</I>&gt;<i>
+</I>&gt;<i> You definitely want to let people set up their own local package
+</I>&gt;<i> repositories or to use 3rd party repositories, for example I did it
+</I>&gt;<i> sometimes at Mandriva for some tests, and I want to do it again for
+</I>&gt;<i> internal work/proprietary packages. I'm ok with having rpm/urpmi
+</I>&gt;<i> telling you you're about to install packages with an unknown
+</I>&gt;<i> signature/... as long as you can override it and tell it to let you
+</I>&gt;<i> install the package.
+</I>
+Yes, we should add an option somewhere to allow this.
+
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2395">[ date ]</a>
+ <a href="thread.html#2395">[ thread ]</a>
+ <a href="subject.html#2395">[ subject ]</a>
+ <a href="author.html#2395">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002396.html b/zarb-ml/mageia-dev/20110131/002396.html
new file mode 100644
index 000000000..ae412c9f7
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002396.html
@@ -0,0 +1,144 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131172646.GL21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002393.html">
+ <LINK REL="Next" HREF="002397.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131172646.GL21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 18:26:46 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2396">[ date ]</a>
+ <a href="thread.html#2396">[ thread ]</a>
+ <a href="subject.html#2396">[ subject ]</a>
+ <a href="author.html#2396">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011, Michael Scherer wrote:
+
+&gt;<i> Le lundi 31 janvier 2011 &#224; 16:03 +0100, nicolas vigier a &#233;crit :
+</I>&gt;<i> &gt; On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; &gt; If possible, using a split key so that no single person can revoke a
+</I>&gt;<i> &gt; &gt; signature or sign a key would be useful. This would prevent attacks where
+</I>&gt;<i> &gt; &gt; an individual might be tricked into signing an attacker's key. It would
+</I>&gt;<i> &gt; &gt; require multiple people to be tricked or have their systems compromised to
+</I>&gt;<i> &gt; &gt; have that key compromised.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Yes, we could do something like that. Maybe each board member could have
+</I>&gt;<i> &gt; a copy of the key, but encrypted with the key of all other board members,
+</I>&gt;<i> &gt; so that it requires two people to access the key ? Or the people who
+</I>&gt;<i> &gt; have the key don't know the passphrase, and the people who know the
+</I>&gt;<i> &gt; passphrase don't have the key ?
+</I>&gt;<i>
+</I>&gt;<i> Like : <A HREF="http://point-at-infinity.org/ssss">http://point-at-infinity.org/ssss</A> ?
+</I>&gt;<i>
+</I>&gt;<i> Too bad it doesn't seems to be much maintained :/
+</I>
+Interesting.
+
+&gt;<i> &gt; &gt;&gt; - In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> &gt; &gt;&gt; too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> &gt; &gt;&gt; key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> &gt; &gt;&gt; longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> &gt; &gt;&gt; the board@ key and we can start to use this new key.
+</I>&gt;<i> &gt; &gt; Sounds good. I'd almost suggest a new packages signing key for each new
+</I>&gt;<i> &gt; &gt; release that is valid for the supported life of the release plus one year.
+</I>&gt;<i> &gt; &gt; It's a bit more work, but would reduce the damage a key leak would cause.
+</I>&gt;<i> &gt; &gt; Unfortunately, this would bring back the problems of re-signing packages
+</I>&gt;<i> &gt; &gt; when they are turned into a release.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; I think we should avoid keys with expiration date because :
+</I>&gt;<i> &gt; - maybe we will want to extend supported life of the release
+</I>&gt;<i> &gt; - some people may want to continue using the release after end of life
+</I>&gt;<i>
+</I>&gt;<i> We can 1) have a long enough expiration date ( but EOL + 1y seems quite
+</I>&gt;<i> enough IMHO )
+</I>&gt;<i> 2) push unexpired keys before it is too late if needed ( I routinely
+</I>&gt;<i> push my key after extending the expiration date ).
+</I>
+Pushing new unexpired keys also means we need to resign all old packages
+if we want them to be installable. So that's not something we want to do
+too often if it's not needed.
+
+&gt;<i> And people should be able to force a bypass of the system of course, but
+</I>&gt;<i> they will be on their own ( ie, that's quite the definition of EOL ).
+</I>&gt;<i> And this should be documented, and easy to do ( but warn people without
+</I>&gt;<i> harrassing too much can be quite difficult ).
+</I>&gt;<i>
+</I>&gt;<i> We can also say that we erase the keys once it is not planned to be used
+</I>&gt;<i> anymore, so we would no longer care about protecting them ( ie, we say
+</I>&gt;<i> the key is expired for good, and that's all ).
+</I>
+If we decide that a key won't be used anymore, and don't want to care
+about protecting it, I think we should revoke it (or its signature) as
+soon as possible, instead of waiting for it to expire.
+
+I think the only use of expiration date would be if one day all
+known keyservers are down and never come back (I think it's unlikely to
+happen, or we will also have other problems), or we lose all private
+keys, so we can't revoke them or their signature. But if we lose all
+private keys, we will also have other problems (like not being able to
+sign a new key), so we should avoid it.
+
+&gt;<i> &gt; - I don't think using expiration date reduce the damage of a leaked
+</I>&gt;<i> &gt; key. If the key is leaked, we revoke it (or its signature) immediatly
+</I>&gt;<i> &gt; on all key servers, which should be faster than waiting for the key to
+</I>&gt;<i> &gt; expire. And replacing an expired key is not more simple than replacing
+</I>&gt;<i> &gt; a revoked key.
+</I>&gt;<i>
+</I>&gt;<i> The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;<i> about older keys.
+</I>&gt;<i>
+</I>&gt;<i> If in 10 years, there is some technology that allows people to get our
+</I>&gt;<i> private key by bruteforce on the public one, if it is expired, attackers
+</I>&gt;<i> will not be able to use it even if they have it. Since the plan is to
+</I>&gt;<i> say &quot;every key signed is valid&quot;, then we are potentially screwed if a
+</I>&gt;<i> old key is compromised offline.
+</I>
+If in 10 years there is some technology to get our private key, then
+it's still possible to revoke the key at that time. Instead of deciding
+now that the key will expire in a few years, I would prefer that we look
+at it in a few years to decide if we want to revoke it.
+
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2396">[ date ]</a>
+ <a href="thread.html#2396">[ thread ]</a>
+ <a href="subject.html#2396">[ subject ]</a>
+ <a href="author.html#2396">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
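Review bot: 002396.html, like the other message pages in this commit, carries the same Previous/Next/"Messages sorted by" list twice, once before `<!--beginarticle-->` and once after `<!--endarticle-->`, and the reply re-archives most of the earlier messages as `&gt;<i>` quote lines. Only the text between the two markers is specific to this file. The commit message should say which tool produced these pages and from which source mailbox, so the archive can be regenerated rather than patched in place when the template needs a fix.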
diff --git a/zarb-ml/mageia-dev/20110131/002397.html b/zarb-ml/mageia-dev/20110131/002397.html
new file mode 100644
index 000000000..306031dfc
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002397.html
@@ -0,0 +1,154 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296496587.12892.104.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002396.html">
+ <LINK REL="Next" HREF="002398.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296496587.12892.104.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">misc at zarb.org
+ </A><BR>
+ <I>Mon Jan 31 18:56:27 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2397">[ date ]</a>
+ <a href="thread.html#2397">[ thread ]</a>
+ <a href="subject.html#2397">[ subject ]</a>
+ <a href="author.html#2397">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le lundi 31 janvier 2011 &#224; 18:26 +0100, nicolas vigier a &#233;crit :
+&gt;<i> On Mon, 31 Jan 2011, Michael Scherer wrote:
+</I>&gt;<i>
+</I>&gt;<i> &gt; Le lundi 31 janvier 2011 &#224; 16:03 +0100, nicolas vigier a &#233;crit :
+</I>&gt;<i> &gt; &gt; On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>
+&gt;<i> &gt; &gt; &gt;&gt; - In case we think the packages@ key may have been compromised, or is
+</I>&gt;<i> &gt; &gt; &gt;&gt; too old, or we want to change it for any other reason, we revoke the
+</I>&gt;<i> &gt; &gt; &gt;&gt; key, and/or revoke the signature from board@ so that it is no
+</I>&gt;<i> &gt; &gt; &gt;&gt; longer accepted by urpmi. We create a new key, we sign it with
+</I>&gt;<i> &gt; &gt; &gt;&gt; the board@ key and we can start to use this new key.
+</I>&gt;<i> &gt; &gt; &gt; Sounds good. I'd almost suggest a new packages signing key for each new
+</I>&gt;<i> &gt; &gt; &gt; release that is valid for the supported life of the release plus one year.
+</I>&gt;<i> &gt; &gt; &gt; It's a bit more work, but would reduce the damage a key leak would cause.
+</I>&gt;<i> &gt; &gt; &gt; Unfortunately, this would bring back the problems of re-signing packages
+</I>&gt;<i> &gt; &gt; &gt; when they are turned into a release.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; I think we should avoid keys with expiration date because :
+</I>&gt;<i> &gt; &gt; - maybe we will want to extend supported life of the release
+</I>&gt;<i> &gt; &gt; - some people may want to continue using the release after end of life
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; We can 1) have a long enough expiration date ( but EOL + 1y seems quite
+</I>&gt;<i> &gt; enough IMHO )
+</I>&gt;<i> &gt; 2) push unexpired keys before it is too late if needed ( I routinely
+</I>&gt;<i> &gt; push my key after extending the expiration date ).
+</I>&gt;<i>
+</I>&gt;<i> Pushing new unexpired keys also means we need to resign all old packages
+</I>&gt;<i> if we want them to be installable. So that's not something we want to do
+</I>&gt;<i> too often if it's not needed.
+</I>
+Nope, I didn't say &quot;new unexpired key&quot;, but just push the same key, with
+the expiration date extended. That should be painless IIRC ( at least,
+it is for me ).
+
+&gt;<i> &gt; And people should be able to force a bypass of the system of course, but
+</I>&gt;<i> &gt; they will be on their own ( ie, that's quite the definition of EOL ).
+</I>&gt;<i> &gt; And this should be documented, and easy to do ( but warn people without
+</I>&gt;<i> &gt; harrassing too much can be quite difficult ).
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; We can also say that we erase the keys once it is not planned to be used
+</I>&gt;<i> &gt; anymore, so we would no longer care about protecting them ( ie, we say
+</I>&gt;<i> &gt; the key is expired for good, and that's all ).
+</I>&gt;<i>
+</I>&gt;<i> If we decide that a key won't be used anymore, and don't want to care
+</I>&gt;<i> about protecting it, I think we should revoke it (or its signature) as
+</I>&gt;<i> soon as possible, instead of waiting for it to expire.
+</I>
+Well, we can do both. Revoke it, and for those that still use it and
+didn't update, let it expires.
+
+&gt;<i> I think the only use of expiration date would be if one day all
+</I>&gt;<i> known keyservers are down and never come back (I think it's unlikely to
+</I>&gt;<i> happen, or we will also have other problems)
+</I>
+Yep, unlikely ( unless in Egypt )
+
+Maybe this also mean we should have a SKS server too
+( <A HREF="http://minskyprimus.net/sks/">http://minskyprimus.net/sks/</A> ).
+
+&gt;<i> , or we lose all private
+</I>&gt;<i> keys, so we can't revoke them or their signature. But if we lose all
+</I>&gt;<i> private keys, we will also have other problems (like not being able to
+</I>&gt;<i> sign a new key), so we should avoid it.
+</I>
+Usually, revokation certificates can be prepared in advance. ( in case
+you lose the key, simply ). So this should also be done.
+
+The point about losing all keys also mean we need to take backup in
+accounts ( for example, encrypt them, bacula can do it client side ).
+
+&gt;<i> &gt; &gt; - I don't think using expiration date reduce the damage of a leaked
+</I>&gt;<i> &gt; &gt; key. If the key is leaked, we revoke it (or its signature) immediatly
+</I>&gt;<i> &gt; &gt; on all key servers, which should be faster than waiting for the key to
+</I>&gt;<i> &gt; &gt; expire. And replacing an expired key is not more simple than replacing
+</I>&gt;<i> &gt; &gt; a revoked key.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;<i> &gt; about older keys.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; If in 10 years, there is some technology that allows people to get our
+</I>&gt;<i> &gt; private key by bruteforce on the public one, if it is expired, attackers
+</I>&gt;<i> &gt; will not be able to use it even if they have it. Since the plan is to
+</I>&gt;<i> &gt; say &quot;every key signed is valid&quot;, then we are potentially screwed if a
+</I>&gt;<i> &gt; old key is compromised offline.
+</I>&gt;<i>
+</I>&gt;<i> If in 10 years there is some technology to get our private key, then
+</I>&gt;<i> it's still possible to revoke the key at that time.
+</I>&gt;<i>
+</I>&gt;<i> Instead of deciding
+</I>&gt;<i> now that the key will expire in a few years, I would prefer that we look
+</I>&gt;<i> at it in a few years to decide if we want to revoke it.
+</I>
+Wouldn't it be too late ?
+
+--
+Michael Scherer
+
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2397">[ date ]</a>
+ <a href="thread.html#2397">[ thread ]</a>
+ <a href="subject.html#2397">[ subject ]</a>
+ <a href="author.html#2397">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
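Review bot: the footer of 002397.html links to an absolute URL (`https://www.mageia.org/mailman/listinfo/mageia-dev`) while every navigation link in the file is relative (`002396.html`, `date.html#2397`). The file is being added under `zarb-ml/mageia-dev/`, so please confirm that the listinfo endpoint is still the right target for this copy of the archive, or drop the footer link. The reference to `http://minskyprimus.net/sks/` in the body is also emitted as a live cleartext-HTTP anchor; that is faithful to the original mail, but it should be a deliberate choice in an archive of a key-handling discussion.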
diff --git a/zarb-ml/mageia-dev/20110131/002398.html b/zarb-ml/mageia-dev/20110131/002398.html
new file mode 100644
index 000000000..53bc05c7b
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002398.html
@@ -0,0 +1,117 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131191224.GM21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002397.html">
+ <LINK REL="Next" HREF="002399.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C20110131191224.GM21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">boklm at mars-attacks.org
+ </A><BR>
+ <I>Mon Jan 31 20:12:24 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2398">[ date ]</a>
+ <a href="thread.html#2398">[ thread ]</a>
+ <a href="subject.html#2398">[ subject ]</a>
+ <a href="author.html#2398">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011, Michael Scherer wrote:
+
+&gt;<i> Le lundi 31 janvier 2011 &#224; 18:26 +0100, nicolas vigier a &#233;crit :
+</I>&gt;<i> &gt; On Mon, 31 Jan 2011, Michael Scherer wrote:
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; &gt; We can 1) have a long enough expiration date ( but EOL + 1y seems quite
+</I>&gt;<i> &gt; &gt; enough IMHO )
+</I>&gt;<i> &gt; &gt; 2) push unexpired keys before it is too late if needed ( I routinely
+</I>&gt;<i> &gt; &gt; push my key after extending the expiration date ).
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Pushing new unexpired keys also means we need to resign all old packages
+</I>&gt;<i> &gt; if we want them to be installable. So that's not something we want to do
+</I>&gt;<i> &gt; too often if it's not needed.
+</I>&gt;<i>
+</I>&gt;<i> Nope, I didn't say &quot;new unexpired key&quot;, but just push the same key, with
+</I>&gt;<i> the expiration date extended. That should be painless IIRC ( at least,
+</I>&gt;<i> it is for me ).
+</I>
+Oh, I misunderstood this as I imagined it was not possible to change
+expiration date on a key as it would be difficult to check if the change
+was done before expiration. But after checking, it is indeed possible,
+and it is even possible to do it after the expiration date.
+
+So we can do it, but we should remember that it does not protect against
+a key compromised after it has expired (as someone stealing the key
+can change the expiration date even after it has expired).
+
+So the only use of expiration date I see is to check that the key was
+updated from keyserver recently. Maybe we can set a short expiration
+time (15 days ?), and have something in cron to update it a few days
+before it expire ?
+
+&gt;<i> &gt; &gt; &gt; - I don't think using expiration date reduce the damage of a leaked
+</I>&gt;<i> &gt; &gt; &gt; key. If the key is leaked, we revoke it (or its signature) immediatly
+</I>&gt;<i> &gt; &gt; &gt; on all key servers, which should be faster than waiting for the key to
+</I>&gt;<i> &gt; &gt; &gt; expire. And replacing an expired key is not more simple than replacing
+</I>&gt;<i> &gt; &gt; &gt; a revoked key.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;<i> &gt; &gt; about older keys.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; If in 10 years, there is some technology that allows people to get our
+</I>&gt;<i> &gt; &gt; private key by bruteforce on the public one, if it is expired, attackers
+</I>&gt;<i> &gt; &gt; will not be able to use it even if they have it. Since the plan is to
+</I>&gt;<i> &gt; &gt; say &quot;every key signed is valid&quot;, then we are potentially screwed if a
+</I>&gt;<i> &gt; &gt; old key is compromised offline.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; If in 10 years there is some technology to get our private key, then
+</I>&gt;<i> &gt; it's still possible to revoke the key at that time.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Instead of deciding
+</I>&gt;<i> &gt; now that the key will expire in a few years, I would prefer that we look
+</I>&gt;<i> &gt; at it in a few years to decide if we want to revoke it.
+</I>&gt;<i>
+</I>&gt;<i> Wouldn't it be too late ?
+</I>
+Considering that it is possible to update expiration date even after it
+has expired, this expiration date doesn't protect against some technology
+that would allow people in the futur to bruteforce the private key.
+
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2398">[ date ]</a>
+ <a href="thread.html#2398">[ thread ]</a>
+ <a href="subject.html#2398">[ subject ]</a>
+ <a href="author.html#2398">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
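Review bot: the `mailto:` HREF on this file's `LINK REL="made"` line and on the author anchor carries a raw `&` before `In-Reply-To`. Inside an HTML attribute the ampersand should be written `&amp;`, and validators flag the unescaped form. These pages are now static files in the repository, so either normalise the ampersand in a post-import pass or say in the commit message that the pages are imported verbatim from the archiver and are not meant to be edited by hand.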
diff --git a/zarb-ml/mageia-dev/20110131/002399.html b/zarb-ml/mageia-dev/20110131/002399.html
new file mode 100644
index 000000000..6cacf13c3
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002399.html
@@ -0,0 +1,110 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296502627.12892.132.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002398.html">
+ <LINK REL="Next" HREF="002401.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C1296502627.12892.132.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">misc at zarb.org
+ </A><BR>
+ <I>Mon Jan 31 20:37:07 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2399">[ date ]</a>
+ <a href="thread.html#2399">[ thread ]</a>
+ <a href="subject.html#2399">[ subject ]</a>
+ <a href="author.html#2399">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le lundi 31 janvier 2011 &#224; 20:12 +0100, nicolas vigier a &#233;crit :
+&gt;<i> On Mon, 31 Jan 2011, Michael Scherer wrote:
+</I>&gt;<i>
+</I>&gt;<i> &gt; Nope, I didn't say &quot;new unexpired key&quot;, but just push the same key, with
+</I>&gt;<i> &gt; the expiration date extended. That should be painless IIRC ( at least,
+</I>&gt;<i> &gt; it is for me ).
+</I>&gt;<i>
+</I>&gt;<i> Oh, I misunderstood this as I imagined it was not possible to change
+</I>&gt;<i> expiration date on a key as it would be difficult to check if the change
+</I>&gt;<i> was done before expiration. But after checking, it is indeed possible,
+</I>&gt;<i> and it is even possible to do it after the expiration date.
+</I>&gt;<i>
+</I>&gt;<i> So we can do it, but we should remember that it does not protect against
+</I>&gt;<i> a key compromised after it has expired (as someone stealing the key
+</I>&gt;<i> can change the expiration date even after it has expired).
+</I>
+But we would notice it, I guess. That could be a good idea to check if
+any of our old key do not appear on the keyring with a non expired
+date :)
+
+&gt;<i> So the only use of expiration date I see is to check that the key was
+</I>&gt;<i> updated from keyserver recently. Maybe we can set a short expiration
+</I>&gt;<i> time (15 days ?), and have something in cron to update it a few days
+</I>&gt;<i> before it expire ?
+</I>
+Or maybe we can keep the expiration date to indicate when the key should
+not be used anymore ( ie, as a indication, nothing more, as we cannot
+guarantee anything ), and once the expiration date occurs ( expiration
+date set on our copy of the key ), we upload the revocation certificate
+( with we == a cronjob , by checking the date of the key )
+
+We could even use this on client side to indicate that a release is no
+longer supported. ( ie, DRY principle ).
+
+&gt;<i> &gt; &gt; Instead of deciding
+</I>&gt;<i> &gt; &gt; now that the key will expire in a few years, I would prefer that we look
+</I>&gt;<i> &gt; &gt; at it in a few years to decide if we want to revoke it.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Wouldn't it be too late ?
+</I>&gt;<i>
+</I>&gt;<i> Considering that it is possible to update expiration date even after it
+</I>&gt;<i> has expired, this expiration date doesn't protect against some technology
+</I>&gt;<i> that would allow people in the futur to bruteforce the private key.
+</I>
+It is up to the tool to use or not the expiration. Ie, if we tell to
+urpmi &quot;do not trust expired key&quot;, we can as well say &quot;keep a list of key
+that have expired and never trust a key, even if it say the contrary&quot;.
+
+But indeed, that doesn't sound very secure per se :/
+
+--
+Michael Scherer
+
+</PRE>
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2399">[ date ]</a>
+ <a href="thread.html#2399">[ thread ]</a>
+ <a href="subject.html#2399">[ subject ]</a>
+ <a href="author.html#2399">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002400.html b/zarb-ml/mageia-dev/20110131/002400.html
new file mode 100644
index 000000000..c1522b441
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002400.html
@@ -0,0 +1,90 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312040.00434.maarten.vanraes%40gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002395.html">
+ <LINK REL="Next" HREF="002393.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Maarten Vanraes</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312040.00434.maarten.vanraes%40gmail.com%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">maarten.vanraes at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 20:40:00 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2400">[ date ]</a>
+ <a href="thread.html#2400">[ thread ]</a>
+ <a href="subject.html#2400">[ subject ]</a>
+ <a href="author.html#2400">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Op maandag 31 januari 2011 18:01:16 schreef nicolas vigier:
+&gt;<i> On Mon, 31 Jan 2011, Christophe Fergeau wrote:
+</I>&gt;<i> &gt; 2011/1/31 nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt;:
+</I>&gt;<i> &gt; &gt; On Sun, 30 Jan 2011, Motoko-chan wrote:
+</I>&gt;<i> &gt; &gt;&gt; What if urpmi automatically trusts packages signed with a key signed
+</I>&gt;<i> &gt; &gt;&gt; by board@ and prompt on the first install of a package that is signed
+</I>&gt;<i> &gt; &gt;&gt; by a different key? The yum tool used by Fedora, RHEL, and CentOS
+</I>&gt;<i> &gt; &gt;&gt; works very well by prompting on new keys.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; For PLF packages, they will now be included on Mageia repository, so
+</I>&gt;<i> &gt; &gt; most users should not need to use external repositories. However we
+</I>&gt;<i> &gt; &gt; can add an option or prompt to disable this check, or an option to
+</I>&gt;<i> &gt; &gt; manually add a new trusted key. As long as it's not automatically
+</I>&gt;<i> &gt; &gt; downloaded from the mirror without asking for any confirmation.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; You definitely want to let people set up their own local package
+</I>&gt;<i> &gt; repositories or to use 3rd party repositories, for example I did it
+</I>&gt;<i> &gt; sometimes at Mandriva for some tests, and I want to do it again for
+</I>&gt;<i> &gt; internal work/proprietary packages. I'm ok with having rpm/urpmi
+</I>&gt;<i> &gt; telling you you're about to install packages with an unknown
+</I>&gt;<i> &gt; signature/... as long as you can override it and tell it to let you
+</I>&gt;<i> &gt; install the package.
+</I>&gt;<i>
+</I>&gt;<i> Yes, we should add an option somewhere to allow this.
+</I>
+isn't it easier if local overrides would also provide a way to add keys that
+can be validated, imo.
+
+I'm writing urpmi-proxy, and and i would like to have a good way to have local
+overrides with their own key signed.
+
+perhaps if a diff key is detected, a certain procedure could be started that
+could ask the user if this key is trusted or not, or refer to somewhere else?
+
+also, thinking on the upgrade path from Mandriva, i'm not sure how...
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2400">[ date ]</a>
+ <a href="thread.html#2400">[ thread ]</a>
+ <a href="subject.html#2400">[ subject ]</a>
+ <a href="author.html#2400">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
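Review bot: the `In-Reply-To` value in the `mailto:` links of this file (the `LINK REL="made"` line and the author anchor) is a Message-ID ending in `maarten.vanraes%40gmail.com`, so the poster's address is present URL-encoded in the page source even though the link text rewrites it as "maarten.vanraes at gmail.com". If the "at" form is meant to protect addresses in the public archive, the Message-ID in the HREF needs the same treatment or should be dropped from the link. Otherwise, document that the rewriting is cosmetic only.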
diff --git a/zarb-ml/mageia-dev/20110131/002401.html b/zarb-ml/mageia-dev/20110131/002401.html
new file mode 100644
index 000000000..fc1af8cdb
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002401.html
@@ -0,0 +1,120 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312042.44309.maarten.vanraes%40gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002399.html">
+ <LINK REL="Next" HREF="002402.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Maarten Vanraes</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312042.44309.maarten.vanraes%40gmail.com%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">maarten.vanraes at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 20:42:44 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2401">[ date ]</a>
+ <a href="thread.html#2401">[ thread ]</a>
+ <a href="subject.html#2401">[ subject ]</a>
+ <a href="author.html#2401">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Op maandag 31 januari 2011 20:12:24 schreef nicolas vigier:
+&gt;<i> On Mon, 31 Jan 2011, Michael Scherer wrote:
+</I>&gt;<i> &gt; Le lundi 31 janvier 2011 &#224; 18:26 +0100, nicolas vigier a &#233;crit :
+</I>&gt;<i> &gt; &gt; On Mon, 31 Jan 2011, Michael Scherer wrote:
+</I>&gt;<i> &gt; &gt; &gt; We can 1) have a long enough expiration date ( but EOL + 1y seems
+</I>&gt;<i> &gt; &gt; &gt; quite enough IMHO )
+</I>&gt;<i> &gt; &gt; &gt; 2) push unexpired keys before it is too late if needed ( I routinely
+</I>&gt;<i> &gt; &gt; &gt; push my key after extending the expiration date ).
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; Pushing new unexpired keys also means we need to resign all old
+</I>&gt;<i> &gt; &gt; packages if we want them to be installable. So that's not something we
+</I>&gt;<i> &gt; &gt; want to do too often if it's not needed.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Nope, I didn't say &quot;new unexpired key&quot;, but just push the same key, with
+</I>&gt;<i> &gt; the expiration date extended. That should be painless IIRC ( at least,
+</I>&gt;<i> &gt; it is for me ).
+</I>&gt;<i>
+</I>&gt;<i> Oh, I misunderstood this as I imagined it was not possible to change
+</I>&gt;<i> expiration date on a key as it would be difficult to check if the change
+</I>&gt;<i> was done before expiration. But after checking, it is indeed possible,
+</I>&gt;<i> and it is even possible to do it after the expiration date.
+</I>&gt;<i>
+</I>&gt;<i> So we can do it, but we should remember that it does not protect against
+</I>&gt;<i> a key compromised after it has expired (as someone stealing the key
+</I>&gt;<i> can change the expiration date even after it has expired).
+</I>&gt;<i>
+</I>&gt;<i> So the only use of expiration date I see is to check that the key was
+</I>&gt;<i> updated from keyserver recently. Maybe we can set a short expiration
+</I>&gt;<i> time (15 days ?), and have something in cron to update it a few days
+</I>&gt;<i> before it expire ?
+</I>&gt;<i>
+</I>&gt;<i> &gt; &gt; &gt; &gt; - I don't think using expiration date reduce the damage of a
+</I>&gt;<i> &gt; &gt; &gt; &gt; leaked
+</I>&gt;<i> &gt; &gt; &gt; &gt;
+</I>&gt;<i> &gt; &gt; &gt; &gt; key. If the key is leaked, we revoke it (or its signature)
+</I>&gt;<i> &gt; &gt; &gt; &gt; immediatly on all key servers, which should be faster than
+</I>&gt;<i> &gt; &gt; &gt; &gt; waiting for the key to expire. And replacing an expired key is
+</I>&gt;<i> &gt; &gt; &gt; &gt; not more simple than replacing a revoked key.
+</I>&gt;<i> &gt; &gt; &gt;
+</I>&gt;<i> &gt; &gt; &gt; The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;<i> &gt; &gt; &gt; about older keys.
+</I>&gt;<i> &gt; &gt; &gt;
+</I>&gt;<i> &gt; &gt; &gt; If in 10 years, there is some technology that allows people to get
+</I>&gt;<i> &gt; &gt; &gt; our private key by bruteforce on the public one, if it is expired,
+</I>&gt;<i> &gt; &gt; &gt; attackers will not be able to use it even if they have it. Since the
+</I>&gt;<i> &gt; &gt; &gt; plan is to say &quot;every key signed is valid&quot;, then we are potentially
+</I>&gt;<i> &gt; &gt; &gt; screwed if a old key is compromised offline.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; If in 10 years there is some technology to get our private key, then
+</I>&gt;<i> &gt; &gt; it's still possible to revoke the key at that time.
+</I>&gt;<i> &gt; &gt;
+</I>&gt;<i> &gt; &gt; Instead of deciding
+</I>&gt;<i> &gt; &gt; now that the key will expire in a few years, I would prefer that we
+</I>&gt;<i> &gt; &gt; look at it in a few years to decide if we want to revoke it.
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; Wouldn't it be too late ?
+</I>&gt;<i>
+</I>&gt;<i> Considering that it is possible to update expiration date even after it
+</I>&gt;<i> has expired, this expiration date doesn't protect against some technology
+</I>&gt;<i> that would allow people in the futur to bruteforce the private key.
+</I>
+
+what if there is no network access? keyservers are nice, but an isolated
+install should still be possible...
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2401">[ date ]</a>
+ <a href="thread.html#2401">[ thread ]</a>
+ <a href="subject.html#2401">[ subject ]</a>
+ <a href="author.html#2401">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002402.html b/zarb-ml/mageia-dev/20110131/002402.html
new file mode 100644
index 000000000..0186fbf95
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002402.html
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3Cop.vp6w3jn1n7mcit%40hodgins.homeip.net%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002401.html">
+ <LINK REL="Next" HREF="002403.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>David W. Hodgins</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3Cop.vp6w3jn1n7mcit%40hodgins.homeip.net%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">davidwhodgins at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 21:41:34 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2402">[ date ]</a>
+ <a href="thread.html#2402">[ thread ]</a>
+ <a href="subject.html#2402">[ subject ]</a>
+ <a href="author.html#2402">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011 14:12:24 -0500, nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">boklm at mars-attacks.org</A>&gt; wrote:
+
+&gt;<i> So the only use of expiration date I see is to check that the key was
+</I>&gt;<i> updated from keyserver recently. Maybe we can set a short expiration
+</I>&gt;<i> time (15 days ?), and have something in cron to update it a few days
+</I>&gt;<i> before it expire ?
+</I>
+What about systems that are not connected to the internet? I see no
+point in having the key expire. If a person chooses to install an
+old version after the release has reached end of life, that is their
+choice. They shouldn't have to jump through hoops, just to get the
+installer to run.
+
+If a key gets compromised, it gets revoked, and the revocation certificate
+gets distributed as an update, along with a new key.
+
+Regards, Dave Hodgins
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2402">[ date ]</a>
+ <a href="thread.html#2402">[ thread ]</a>
+ <a href="subject.html#2402">[ subject ]</a>
+ <a href="author.html#2402">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002403.html b/zarb-ml/mageia-dev/20110131/002403.html
new file mode 100644
index 000000000..52ac98432
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002403.html
@@ -0,0 +1,70 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] PGP keys and package signing
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312149.p0VLnX9h027145%40smtp-vbr12.xs4all.nl%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002402.html">
+ <LINK REL="Next" HREF="002386.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] PGP keys and package signing</H1>
+ <B>Dick Gevers</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3C201101312149.p0VLnX9h027145%40smtp-vbr12.xs4all.nl%3E"
+ TITLE="[Mageia-dev] PGP keys and package signing">dvgevers at xs4all.nl
+ </A><BR>
+ <I>Mon Jan 31 22:49:32 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2403">[ date ]</a>
+ <a href="thread.html#2403">[ thread ]</a>
+ <a href="subject.html#2403">[ subject ]</a>
+ <a href="author.html#2403">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
+[Mageia-dev] PGP keys and package signing:
+
+&gt;<i>The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;<i>about older keys.
+</I>&gt;<i>
+</I>&gt;<i>If in 10 years, there is some technology that allows people to get our
+</I>&gt;<i>private key by bruteforce on the public one
+</I>
+You can never ever obtain the private key from the public one, that is
+impossible. It can only be compromised if someone looses the private key
+plus the password is cracked.
+
+Cheers.
+=Dick Gevers=
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI>Next message: <A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2403">[ date ]</a>
+ <a href="thread.html#2403">[ thread ]</a>
+ <a href="subject.html#2403">[ subject ]</a>
+ <a href="author.html#2403">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002404.html b/zarb-ml/mageia-dev/20110131/002404.html
new file mode 100644
index 000000000..1b6b971fc
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002404.html
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] please release mgarepo-1.9.8
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20please%20release%20mgarepo-1.9.8&In-Reply-To=%3CAANLkTincpu3r44ZsajtU%3DYza3LWGDmJzAk6kc8C1vX4r%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002422.html">
+
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] please release mgarepo-1.9.8</H1>
+ <B>Thierry Vignaud</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20please%20release%20mgarepo-1.9.8&In-Reply-To=%3CAANLkTincpu3r44ZsajtU%3DYza3LWGDmJzAk6kc8C1vX4r%40mail.gmail.com%3E"
+ TITLE="[Mageia-dev] please release mgarepo-1.9.8">thierry.vignaud at gmail.com
+ </A><BR>
+ <I>Mon Jan 31 23:48:30 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A></li>
+
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2404">[ date ]</a>
+ <a href="thread.html#2404">[ thread ]</a>
+ <a href="subject.html#2404">[ subject ]</a>
+ <a href="author.html#2404">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Hi
+
+Please fix your upload process since:
+- mgarepo-1.9.8 (which has fixed sync option) is half-released
+ (aka the SRPM is in <A HREF="http://repository.mageia.org/mageiatools/SRPMS/">http://repository.mageia.org/mageiatools/SRPMS/</A>
+ but binary packages are still 1.9.7)
+- also since you're using setup.py instead of plain old Makefile, we're missing
+ the release bits in order to do a tarball
+ it would be nice if this could be documented
+ (even &quot;VERSION=$(egrep '^VERSION' mgarepo|cut -f 2 -d=|sed -e
+'s!&quot;!!g'); cd ..;ln -s mgarepo mgarepo-$VERSION; tar cfz
+mgarepo-$VERSION{.tgz,/}&quot;)
+ but please documente it.
+
+thanks.
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A></li>
+
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2404">[ date ]</a>
+ <a href="thread.html#2404">[ thread ]</a>
+ <a href="subject.html#2404">[ subject ]</a>
+ <a href="author.html#2404">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
diff --git a/zarb-ml/mageia-dev/20110131/002422.html b/zarb-ml/mageia-dev/20110131/002422.html
new file mode 100644
index 000000000..ae2452ef4
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/002422.html
@@ -0,0 +1,71 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] Dev Team Call To Action...
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Dev%20Team%20Call%20To%20Action...&In-Reply-To=%3C4D47132A.20503%40borg1911.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="002383.html">
+ <LINK REL="Next" HREF="002404.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] Dev Team Call To Action...</H1>
+ <B>Nex6</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Dev%20Team%20Call%20To%20Action...&In-Reply-To=%3C4D47132A.20503%40borg1911.com%3E"
+ TITLE="[Mageia-dev] Dev Team Call To Action...">borg at borg1911.com
+ </A><BR>
+ <I>Mon Jan 31 20:53:14 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A></li>
+ <LI>Next message: <A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2422">[ date ]</a>
+ <a href="thread.html#2422">[ thread ]</a>
+ <a href="subject.html#2422">[ subject ]</a>
+ <a href="author.html#2422">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>I am interested in the dev team still
+
+
+On 1/26/2011 4:59 PM, Maarten Vanraes wrote:
+&gt;<i> Hi,
+</I>&gt;<i>
+</I>&gt;<i> I sent email on mageia-dev regarding the -dev team and &quot;a call for action&quot;:
+</I>&gt;<i> <A HREF="http://www.mageia.org/pipermail/mageia-dev/20110127/002345.html">http://www.mageia.org/pipermail/mageia-dev/20110127/002345.html</A>
+</I>&gt;<i>
+</I>&gt;<i> Are you still interested in -dev team or like to contribute for this
+</I>&gt;<i> particular thing, could you react to the email in question?
+</I>&gt;<i>
+</I>&gt;<i> Regards,
+</I>&gt;<i>
+</I>&gt;<i> Maarten (aka AL13N)
+</I>
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A></li>
+ <LI>Next message: <A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#2422">[ date ]</a>
+ <a href="thread.html#2422">[ thread ]</a>
+ <a href="subject.html#2422">[ subject ]</a>
+ <a href="author.html#2422">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
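Review bot: the quoted message body links to `http://www.mageia.org/pipermail/mageia-dev/20110127/002345.html`, an absolute URL under `/pipermail/`, while this patch stores the archive under `zarb-ml/mageia-dev/`. The link is not rewritten on import, so it only resolves while the old location stays reachable. Keep a redirect from the `/pipermail/` paths to the imported tree, or record in the commit message that in-body archive links are left exactly as sent.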
diff --git a/zarb-ml/mageia-dev/20110131/author.html b/zarb-ml/mageia-dev/20110131/author.html
new file mode 100644
index 000000000..2fc58e6f4
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/author.html
@@ -0,0 +1,177 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <title>The Mageia-dev 31 January 2011 Archive by author</title>
+ <META NAME="robots" CONTENT="noindex,follow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <a name="start"></A>
+ <h1>31 January 2011 Archives by author</h1>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+ <a href="subject.html#start">[ subject ]</a>
+
+ <a href="date.html#start">[ date ]</a>
+
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p><b>Starting:</b> <i>Mon Jan 31 04:16:43 CET 2011</i><br>
+ <b>Ending:</b> <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Messages:</b> 26<p>
+ <ul>
+
+<LI><A HREF="002382.html">[Mageia-dev] BS down
+</A><A NAME="2382">&nbsp;</A>
+<I>Thomas Backlund
+</I>
+
+<LI><A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2385">&nbsp;</A>
+<I>Remy CLOUARD
+</I>
+
+<LI><A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2386">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2392">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2403">&nbsp;</A>
+<I>Dick Gevers
+</I>
+
+<LI><A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2402">&nbsp;</A>
+<I>David W. Hodgins
+</I>
+
+<LI><A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2381">&nbsp;</A>
+<I>Motoko-chan
+</I>
+
+<LI><A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A><A NAME="2422">&nbsp;</A>
+<I>Nex6
+</I>
+
+<LI><A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2388">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2393">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2397">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2399">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002384.html">[Mageia-dev] BS down
+</A><A NAME="2384">&nbsp;</A>
+<I>Pascal Terjan
+</I>
+
+<LI><A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2387">&nbsp;</A>
+<I>Olivier Thauvin
+</I>
+
+<LI><A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2400">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2401">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A><A NAME="2383">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2390">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A><A NAME="2404">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2380">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2389">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2391">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2394">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2395">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2396">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2398">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+ </ul>
+ <p>
+ <a name="end"><b>Last message date:</b></a>
+ <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Archived on:</b> <i>Thu Feb 3 17:48:11 CET 2011</i>
+ <p>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+ <a href="subject.html#start">[ subject ]</a>
+
+ <a href="date.html#start">[ date ]</a>
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p>
+ <hr>
+ <i>This archive was generated by
+ Pipermail 0.09 (Mailman edition).</i>
+ </BODY>
+</HTML>
+
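Review bot: the author index is ordered case-sensitively, so the seven "nicolas vigier" entries at the end of the list sort after "Thierry Vignaud" instead of between Vanraes and Vignaud with the other V surnames. This is generator output, so I would not hand-edit it, but the commit message ("Add zarb MLs html archives") should state that the files are verbatim Pipermail 0.09 output so that nobody later treats the ordering, the unclosed LI/P tags or the blank line at end of file as something to clean up piecemeal.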
diff --git a/zarb-ml/mageia-dev/20110131/date.html b/zarb-ml/mageia-dev/20110131/date.html
new file mode 100644
index 000000000..ab8d70e49
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/date.html
@@ -0,0 +1,177 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <title>The Mageia-dev 31 January 2011 Archive by date</title>
+ <META NAME="robots" CONTENT="noindex,follow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <a name="start"></A>
+ <h1>31 January 2011 Archives by date</h1>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+ <a href="subject.html#start">[ subject ]</a>
+ <a href="author.html#start">[ author ]</a>
+
+
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p><b>Starting:</b> <i>Mon Jan 31 04:16:43 CET 2011</i><br>
+ <b>Ending:</b> <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Messages:</b> 26<p>
+ <ul>
+
+<LI><A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2380">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2381">&nbsp;</A>
+<I>Motoko-chan
+</I>
+
+<LI><A HREF="002382.html">[Mageia-dev] BS down
+</A><A NAME="2382">&nbsp;</A>
+<I>Thomas Backlund
+</I>
+
+<LI><A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A><A NAME="2383">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002384.html">[Mageia-dev] BS down
+</A><A NAME="2384">&nbsp;</A>
+<I>Pascal Terjan
+</I>
+
+<LI><A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2385">&nbsp;</A>
+<I>Remy CLOUARD
+</I>
+
+<LI><A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2386">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2387">&nbsp;</A>
+<I>Olivier Thauvin
+</I>
+
+<LI><A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2388">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2389">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2390">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2391">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2392">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2393">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2394">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2395">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2396">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2397">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2398">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2399">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2400">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2401">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A><A NAME="2422">&nbsp;</A>
+<I>Nex6
+</I>
+
+<LI><A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2402">&nbsp;</A>
+<I>David W. Hodgins
+</I>
+
+<LI><A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2403">&nbsp;</A>
+<I>Dick Gevers
+</I>
+
+<LI><A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A><A NAME="2404">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+ </ul>
+ <p>
+ <a name="end"><b>Last message date:</b></a>
+ <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Archived on:</b> <i>Thu Feb 3 17:48:11 CET 2011</i>
+ <p>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+ <a href="subject.html#start">[ subject ]</a>
+ <a href="author.html#start">[ author ]</a>
+
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p>
+ <hr>
+ <i>This archive was generated by
+ Pipermail 0.09 (Mailman edition).</i>
+ </BODY>
+</HTML>
+
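Review bot: in the date index, 002422.html sits between 002401.html and 002402.html, so message file numbers in this directory are not monotonic in date. The header count (Messages: 26) matches the 26 entries listed, so nothing is missing. Any script that walks or verifies the imported archive should take its order from date.html or thread.html rather than from the file names.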
diff --git a/zarb-ml/mageia-dev/20110131/index.html b/zarb-ml/mageia-dev/20110131/index.html
new file mode 120000
index 000000000..db4b46f72
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/index.html
@@ -0,0 +1 @@
+thread.html \ No newline at end of file
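Review bot: index.html is added with mode 120000, i.e. as a symlink whose target is the relative name thread.html, not as a regular file. The target stays inside the same directory, which is fine, but the page only works if the web server publishing this tree is allowed to follow symlinks, and a checkout on a filesystem or git configuration without symlink support will produce a regular file containing the text "thread.html". Please confirm the serving configuration follows symlinks for this path, or replace the link with a server-side directory index or redirect to thread.html.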
diff --git a/zarb-ml/mageia-dev/20110131/subject.html b/zarb-ml/mageia-dev/20110131/subject.html
new file mode 100644
index 000000000..9e384575f
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/subject.html
@@ -0,0 +1,177 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <title>The Mageia-dev 31 January 2011 Archive by subject</title>
+ <META NAME="robots" CONTENT="noindex,follow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <a name="start"></A>
+ <h1>31 January 2011 Archives by subject</h1>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+
+ <a href="author.html#start">[ author ]</a>
+ <a href="date.html#start">[ date ]</a>
+
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p><b>Starting:</b> <i>Mon Jan 31 04:16:43 CET 2011</i><br>
+ <b>Ending:</b> <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Messages:</b> 26<p>
+ <ul>
+
+<LI><A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A><A NAME="2383">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002382.html">[Mageia-dev] BS down
+</A><A NAME="2382">&nbsp;</A>
+<I>Thomas Backlund
+</I>
+
+<LI><A HREF="002384.html">[Mageia-dev] BS down
+</A><A NAME="2384">&nbsp;</A>
+<I>Pascal Terjan
+</I>
+
+<LI><A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A><A NAME="2422">&nbsp;</A>
+<I>Nex6
+</I>
+
+<LI><A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2380">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2381">&nbsp;</A>
+<I>Motoko-chan
+</I>
+
+<LI><A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2385">&nbsp;</A>
+<I>Remy CLOUARD
+</I>
+
+<LI><A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2386">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2387">&nbsp;</A>
+<I>Olivier Thauvin
+</I>
+
+<LI><A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2388">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2389">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2390">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<LI><A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2391">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2392">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<LI><A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2393">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2394">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2395">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2396">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2397">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2398">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<LI><A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2399">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<LI><A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2400">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2401">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<LI><A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2402">&nbsp;</A>
+<I>David W. Hodgins
+</I>
+
+<LI><A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2403">&nbsp;</A>
+<I>Dick Gevers
+</I>
+
+<LI><A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A><A NAME="2404">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+ </ul>
+ <p>
+ <a name="end"><b>Last message date:</b></a>
+ <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Archived on:</b> <i>Thu Feb 3 17:48:11 CET 2011</i>
+ <p>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+ <a href="thread.html#start">[ thread ]</a>
+
+ <a href="author.html#start">[ author ]</a>
+ <a href="date.html#start">[ date ]</a>
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p>
+ <hr>
+ <i>This archive was generated by
+ Pipermail 0.09 (Mailman edition).</i>
+ </BODY>
+</HTML>
+
diff --git a/zarb-ml/mageia-dev/20110131/thread.html b/zarb-ml/mageia-dev/20110131/thread.html
new file mode 100644
index 000000000..7c23474f6
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110131/thread.html
@@ -0,0 +1,215 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <title>The Mageia-dev 31 January 2011 Archive by thread</title>
+ <META NAME="robots" CONTENT="noindex,follow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <a name="start"></A>
+ <h1>31 January 2011 Archives by thread</h1>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+
+ <a href="subject.html#start">[ subject ]</a>
+ <a href="author.html#start">[ author ]</a>
+ <a href="date.html#start">[ date ]</a>
+
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p><b>Starting:</b> <i>Mon Jan 31 04:16:43 CET 2011</i><br>
+ <b>Ending:</b> <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Messages:</b> 26<p>
+ <ul>
+
+<!--0 01296443803- -->
+<LI><A HREF="002380.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2380">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<UL>
+<!--1 01296443803-01296447396- -->
+<LI><A HREF="002381.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2381">&nbsp;</A>
+<I>Motoko-chan
+</I>
+
+<UL>
+<!--2 01296443803-01296447396-01296471753- -->
+<LI><A HREF="002385.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2385">&nbsp;</A>
+<I>Remy CLOUARD
+</I>
+
+<!--2 01296443803-01296447396-01296486235- -->
+<LI><A HREF="002389.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2389">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<UL>
+<!--3 01296443803-01296447396-01296486235-01296488307- -->
+<LI><A HREF="002390.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2390">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296488307-01296488579- -->
+<LI><A HREF="002391.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2391">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490081- -->
+<LI><A HREF="002392.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2392">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490081-01296493276- -->
+<LI><A HREF="002395.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2395">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490081-01296493276-01296502800- -->
+<LI><A HREF="002400.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2400">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705- -->
+<LI><A HREF="002393.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2393">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806- -->
+<LI><A HREF="002396.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2396">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806-01296496587- -->
+<LI><A HREF="002397.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2397">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806-01296496587-01296501144- -->
+<LI><A HREF="002398.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2398">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806-01296496587-01296501144-01296502627- -->
+<LI><A HREF="002399.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2399">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806-01296496587-01296501144-01296502964- -->
+<LI><A HREF="002401.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2401">&nbsp;</A>
+<I>Maarten Vanraes
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296494806-01296496587-01296501144-01296506494- -->
+<LI><A HREF="002402.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2402">&nbsp;</A>
+<I>David W. Hodgins
+</I>
+
+<!--3 01296443803-01296447396-01296486235-01296490705-01296510572- -->
+<LI><A HREF="002403.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2403">&nbsp;</A>
+<I>Dick Gevers
+</I>
+
+</UL>
+</UL>
+<!--1 01296443803-01296472384- -->
+<LI><A HREF="002386.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2386">&nbsp;</A>
+<I>Christophe Fergeau
+</I>
+
+<UL>
+<!--2 01296443803-01296472384-01296474197- -->
+<LI><A HREF="002387.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2387">&nbsp;</A>
+<I>Olivier Thauvin
+</I>
+
+</UL>
+<!--1 01296443803-01296485834- -->
+<LI><A HREF="002388.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2388">&nbsp;</A>
+<I>Michael Scherer
+</I>
+
+<UL>
+<!--2 01296443803-01296485834-01296492671- -->
+<LI><A HREF="002394.html">[Mageia-dev] PGP keys and package signing
+</A><A NAME="2394">&nbsp;</A>
+<I>nicolas vigier
+</I>
+
+</UL>
+</UL>
+<!--0 01296462069- -->
+<LI><A HREF="002382.html">[Mageia-dev] BS down
+</A><A NAME="2382">&nbsp;</A>
+<I>Thomas Backlund
+</I>
+
+<UL>
+<!--1 01296462069-01296467619- -->
+<LI><A HREF="002384.html">[Mageia-dev] BS down
+</A><A NAME="2384">&nbsp;</A>
+<I>Pascal Terjan
+</I>
+
+</UL>
+<!--0 01296463792- -->
+<LI><A HREF="002383.html">[Mageia-dev] [Mageia-sysadm] Accident
+</A><A NAME="2383">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+<!--0 01296503594- -->
+<LI><A HREF="002422.html">[Mageia-dev] Dev Team Call To Action...
+</A><A NAME="2422">&nbsp;</A>
+<I>Nex6
+</I>
+
+<!--0 01296514110- -->
+<LI><A HREF="002404.html">[Mageia-dev] please release mgarepo-1.9.8
+</A><A NAME="2404">&nbsp;</A>
+<I>Thierry Vignaud
+</I>
+
+ </ul>
+ <p>
+ <a name="end"><b>Last message date:</b></a>
+ <i>Mon Jan 31 23:48:30 CET 2011</i><br>
+ <b>Archived on:</b> <i>Thu Feb 3 17:48:11 CET 2011</i>
+ <p>
+ <ul>
+ <li> <b>Messages sorted by:</b>
+
+ <a href="subject.html#start">[ subject ]</a>
+ <a href="author.html#start">[ author ]</a>
+ <a href="date.html#start">[ date ]</a>
+ <li><b><a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More info on this list...
+ </a></b></li>
+ </ul>
+ <p>
+ <hr>
+ <i>This archive was generated by
+ Pipermail 0.09 (Mailman edition).</i>
+ </BODY>
+</HTML>
+
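Review bot: the thread index stops nesting at depth 3. The comment markers keep the full reply chain (for example "3 01296443803-01296447396-01296486235-01296488307-01296488579-" for 002391.html), but every entry from the fourth level down is emitted in the same UL as its parent, so 002391 reads as a sibling of 002390 rather than a reply to it. The UL open/close tags do balance. This is how the generator flattens deep threads and should not be hand-fixed, but anyone reconstructing reply structure from this import needs to parse the comment keys, not the list nesting.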