<!--startcut ==============================================-->
<!-- *** BEGIN HTML header *** -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML><HEAD>
<title>The Answer Gang LG #93</title>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">
<!-- *** END HTML header *** -->
<!-- *** BEGIN navbar *** -->
<A HREF="lg_tips.html">&lt;&lt;&nbsp;Prev</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="index.html">TOC</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="../index.html">Front Page</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue93/lg_answer.html">Talkback</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="../faq/index.html">FAQ</A>&nbsp;&nbsp;|&nbsp;&nbsp;<A HREF="lg_bytes.html">Next&nbsp;&gt;&gt;</A>
<!-- *** END navbar *** -->
<!--endcut ============================================================-->
<TABLE BORDER><TR><TD WIDTH="200">
<A HREF="http://www.linuxgazette.com/">
<IMG ALT="LINUX GAZETTE" SRC="../gx/2002/lglogo_200x41.png"
WIDTH="200" HEIGHT="41" border="0"></A>
<BR CLEAR="all">
<SMALL>...<I>making Linux just a little more fun!</I></SMALL>
</TD><TD WIDTH="380">
<CENTER>
<BIG><BIG><STRONG><FONT COLOR="maroon">The Answer Gang</FONT></STRONG></BIG></BIG>
</CENTER>
</TD></TR>
</TABLE>
<P>
<!-- END header -->
<center><p>
<br>We have guidelines for <a href="http://www.linuxgazette.com/tag/ask-the-gang.html">asking</a> and <a href="http://www.linuxgazette.com/tag/members-faq.html">answering</a> questions. Linux questions only, please.
<br><em><font color="#7F0000">We make <b>no guarantees</b> about answers, but you can be <b>anonymous</b> on request.</font></em>
<br>See also: The Answer Gang's
<a href="../tag/kb.html">Knowledge Base</a>
and the <i>LG</i>
<a href="http://www.linuxgazette.com/search.html">Search Engine</a>
<br></p></center>
<HR>
<!-- BEGIN message -->
<H3>Contents:</H3>
<dl>
<dt><a href="#tag/greeting"
><strong>&para;: Greetings From Heather Stern</strong></A></dl>
<DL>
<!-- index_text begins -->
<dt><A HREF="tag/1.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>linux server for xwindow....need hints</strong></a>
<dt><A HREF="tag/2.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>hard links</strong></a>
<dt><A HREF="tag/3.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>entering into the interactive mode</strong></a>
<dt><A HREF="tag/4.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>SuSE 8.2 Linux Distribution and Soundblaster 16</strong></a>
<dt><A HREF="tag/5.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Kernel Compiling and Framebuffer Device</strong></a>
<dt><A HREF="tag/6.html"
><img src="../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Question about Laplinking</strong></a>
<!-- index_text ends -->
</DL>
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="../gx/dennis/hbubble.gif"
height="50" width="60" alt="(&para;) " border="0"
>Greetings from Heather Stern</H3>
<!-- begin hgreeting -->
<p>
Howdy folks, and welcome once more to the world of the Answer Gang.
In fact, welcome to the dusty virtual garage of your erstwhile Editor
Gal. I've got the Weekend Mechanic in here passing me a spare wrench
and hanging out, splitting some ginger beer with me.
</p>
<p>
The number of threads that came through was a bit low. I guess the summer
months have people running about and enjoying life instead of hanging
out by their computers quite so much. Dumb questions of the month
seem to be at an all-time low ...
</p>
<p>
So, this time around, the Answer Guy himself, Jim Dennis, asks:
</p>
<h4 align=center>How do you know you can trust these packages?</h4>
<p>
GPG itself is both a cool thing, and an embarrassment. It's fairly well
available nowadays - free flavors of it for everybody - and some nice
helpful GUIs try to integrate it into day to day life. But there's a
problem - it's not easy enough... and that's built into the way
it has to work. It's an embarrassment because it's just hard enough to
really use day to day that people who probably ought to - don't.
</p>
<p>
Mind you, most people just don't have the patience to get a few solid
spokes in their web of trust. Mostly they just establish a few
crosslines here and there to people who know them so well they'd trust
their identity directly anyway.
</p>
<p>
So how do we really know kernel.org's key is ... well, itself?
If the webserver got mucked with, how do you know this wasn't a target?
For some random distribution, how do we know our install discs are safe?
</p>
<p>
Well, we buy them, and they're on a pressed CD, so we know they came
from that vendor, so...
</p>
<p>
Nice try. A lot of people get a free or cheap disc from a less perfect
source. And it certainly hasn't happened to any Linux vendor yet, but
in the mswin world an occasional software vendor <em>has</em> mistakenly
shipped a trojan or a virus. Being a commercial pressing is good, but
isn't really a guarantee.
</p>
<p>
Commercial distros restrict who can commit to the product release, and
that can be considered a good thing. Debian's build servers use GPG to
verify the identity behind a package sent to them. But we, the
sysadmins and other users, can't really be sure which build server a
given rpm or deb or tarball <strong>really</strong> came from. Some of
the systems allow checking that the download server you have reached is
authentic. But if it got sent junk - ouch. I think it even happened to
one of the distros once, though they spotted it in very short order.
</p>
<p>
Build computers should automagically sign packages, the way mail passing
through a system gets marked up with a Received: header. In fact the
analogy is pretty good - right down to dirty liars forging a few fake
ones behind themselves when they want to send junk. But then folks like
you and I have to be able to establish that the keys are good. And that
process takes human energy.
</p>
<p>
Why? Because we can't just have the computers randomly make up keys. A
person's got to create a key, sign it himself, get a few of his buddies to
sign the key, really use it. As a web of trust grows, a key identity
becomes well known, and you could say you recognize a given key as good the
way many people can recognize a particular actress or other public
figure. You gotta hand it to the Debian guys for keying with each other
so they can be sure of who's sending what... but that's for sending them
up to their core servers. The build servers work automatically to
crank out official .deb files, but WE can't tell where they were built.
Even if the build server did sign these packages (good idea), then how do
you and I know the key is trustable? Let's get serious, it's pretty
hard to get a silicon lifeform to come to dinner and show you its state
ID or some of the other things people do to prove they're themselves.
Ok, so the sysadmins sign the key. But you can't just have the key
with no passphrase - if you did that, anyone who somehow got to it could
steal it, then use it to build wicked packages all they liked. No way.
So you end up with a critical system which has to have someone take a
look at it and load up the key again if it has to reboot.
</p>
<p>
Maybe if more than a few sysadmins knew the fingerprints of
these keys that should be so well known, it'd become reasonable to have
checkable signed packages. In fact let's go one further, the rules or
spec or whatever it is inside a package that makes it something more
than a tarball, should be signed by the coder responsible for the
package. And if they don't check out we don't care which totally
trustable build server built this toy. And let's get these important
keys' fingerprints into some places that can't be cracked and spoofed.
Get these things into printed
manuals, into magazines (maybe just a few at a time, random good ones
that the staff have managed to verify), and onto pressed CD covers
where applicable.
</p>
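<p>
The check proposed above, as an added example that is not part of the original
column: a package passes only if both the responsible coder's key and the build
server's key produced a valid signature, with each fingerprint pinned from a
printed source. It reads the machine-readable lines that <code>gpg --status-fd</code>
emits during verification; the role names, placeholder fingerprints and sample
status lines are all constructed for illustration.
</p>

```python
# Added example: policy check over `gpg --status-fd` output (sample data is constructed).
# Placeholder fingerprints; real ones would be typed in by hand from a printed source.
PINNED = {
    "package maintainer": "AAAA AAAA AAAA AAAA AAAA  AAAA AAAA AAAA AAAA AAAA",
    "build server":       "BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB",
}

# Status keywords that mean a signature must not be relied on.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize(fpr):
    """Strip the spacing used in printed fingerprints and upper-case the hex."""
    return "".join(fpr.split()).upper()


def check_status(status_text, pinned=PINNED):
    """Return (ok, problems) for the status lines of one package's signatures."""
    valid, problems = set(), []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in FATAL:
            problems.append(f"{keyword} for key {args[0]}")
        elif keyword == "VALIDSIG":
            # First argument: fingerprint of the key that made the signature;
            # tenth, when present: its primary key. Pin against the primary.
            valid.add(normalize(args[9] if len(args) >= 10 else args[0]))
    for role, fpr in pinned.items():
        if normalize(fpr) not in valid:
            problems.append(f"no valid signature from pinned {role} key")
    return (not problems, problems)


A, B, C = "A" * 40, "B" * 40, "C" * 40
VALID = "[GNUPG:] VALIDSIG {0} 2003-08-01 1059696000 0 4 0 17 2 00 {0}"
# Constructed status output: signed by both pinned keys.
BOTH = "\n".join(VALID.format(f) for f in (A, B))
# Constructed: the build server's signature checks out, but the second
# signature comes from a key nobody pinned.
WRONG_KEY = "\n".join(VALID.format(f) for f in (B, C))

if __name__ == "__main__":
    for name, text in (("both", BOTH), ("wrong key", WRONG_KEY)):
        print(name, check_status(text))
```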
<p>
Okay. Say you've all your ducks in a row and all sorts of things are
signed... and verifiable. Everybody knows who everybody is. Then we
narrow the field of problems down to the merely ordinary - once you know
who's who, then you can really ask yourself if they know what's what or
are doing what's right.
</p>
<p>
But at least you know who you're talking to and who you're getting your
bits from.
</p>
<!-- end hgreeting -->
<!-- *** BEGIN author bio *** -->
<P>&nbsp;
<P>
<!-- *** END author bio *** -->
<!-- *** BEGIN copyright *** -->
<hr>
<CENTER><SMALL><STRONG>
Copyright &copy; 2003, .
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 93 of <i>Linux Gazette</i>, August 2003
</STRONG></SMALL></CENTER>
<!-- *** END copyright *** -->
<HR>
<!--startcut ==========================================================-->
</BODY></HTML>
<!--endcut ============================================================-->