Individual developer signing
On Thu, Dec 03, 2009 at 11:32:42AM +0100, Torsten Veller wrote:
> * "Robin H. Johnson" <firstname.lastname@example.org>:
> > The GLEP on Individual developer signing has not made it into a Draft
> > yet.
> > But you can view the very brief version here:
> > http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/02-developer-process-security?view=markup
> > > 2. Every developer signs everything 100% of the time (make it a QA
> > > check).
> > +1 on this.
> In the GLEPs i missed the point where the signatures of Manifests are verified.
> Only the MetaManifest gets verified.
under "Procedure for verifying an item in the MetaManifest"
4.2: "M2-verifying the contents of the Manifest."
Where "M2-verify" is the verb describing the verification of a Manifest.
It _may_ include signature validation.
> So what's the advantage of individually signed Manifests?
Basically making sure that your SSH keys weren't stolen.
They explicitly protect the commit from the developer to infrastructure.
MetaManifest protects the integrity of the contents from infrastructure
out to the user. It does NOT validate the functionality of the tree or
any prior injection.
> The only thing we can check: Is the key used for signing listed in ldap
> (and thus in "the keyring of automated Gentoo keys")? Are the keys in ldap
> really mine?
> Do I miss anything?
Later on I'd like to REJECT unsigned commits.
> BTW: About a third of the Manifests are signed . We didn't improve
> since 2005/2006 . The two parties are working hard against each other .
> 55 Manifests are signed by revoked keys .
>  http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/Manifest.png
>  http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/ratio_2005.png
>  http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/Manifest2.png
>  http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/signatures_by_revoked_keys.txt
Nice graphs. Can you show them over a larger timespan?
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : email@example.com
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85