245 lines
9.7 KiB
HTML
245 lines
9.7 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<title>The Answer Gang LG #93</title>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
|
|
<!-- *** BEGIN navbar *** -->
|
|
<A HREF="lg_tips.html"><< Prev</A> | <A HREF="index.html">TOC</A> | <A HREF="../index.html">Front Page</A> | <A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue93/lg_answer.html">Talkback</A> | <A HREF="../faq/index.html">FAQ</A> | <A HREF="lg_bytes.html">Next >></A>
|
|
<!-- *** END navbar *** -->
|
|
|
|
<!--endcut ============================================================-->
|
|
|
|
<TABLE BORDER><TR><TD WIDTH="200">
|
|
<A HREF="http://www.linuxgazette.com/">
|
|
<IMG ALT="LINUX GAZETTE" SRC="../gx/2002/lglogo_200x41.png"
|
|
WIDTH="200" HEIGHT="41" border="0"></A>
|
|
<BR CLEAR="all">
|
|
<SMALL>...<I>making Linux just a little more fun!</I></SMALL>
|
|
</TD><TD WIDTH="380">
|
|
|
|
|
|
<CENTER>
|
|
<BIG><BIG><STRONG><FONT COLOR="maroon">The Answer Gang</FONT></STRONG></BIG></BIG>
|
|
</CENTER>
|
|
|
|
</TD></TR>
|
|
</TABLE>
|
|
<P>
|
|
|
|
<!-- END header -->
|
|
|
|
|
|
|
|
|
|
<center><p>
|
|
<br>We have guidelines for <a href="http://www.linuxgazette.com/tag/ask-the-gang.html">asking</a> and <a href="http://www.linuxgazette.com/tag/members-faq.html">answering</a> questions. Linux questions only, please.
|
|
</STRONG>
|
|
<br><em><font color="#7F0000">We make <b>no guarantees</b> about answers, but you can be <b>anonymous</b> on request.</font></em>
|
|
<br>See also: The Answer Gang's
|
|
<a href="../tag/kb.html">Knowledge Base</a>
|
|
and the <i>LG</i>
|
|
<a href="http://www.linuxgazette.com/search.html">Search Engine</a>
|
|
</center>
|
|
<br></p></center>
|
|
|
|
<HR>
|
|
<!-- BEGIN message -->
|
|
<H3>Contents:</H3>
|
|
<dl>
|
|
<dt><a href="#tag/greeting"
|
|
><strong>¶: Greetings From Heather Stern</strong></A></dl>
|
|
|
|
<DL>
|
|
<!-- index_text begins -->
|
|
<dt><A HREF="tag/1.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>linux server for xwindow....need hints</strong></a>
|
|
<dt><A HREF="tag/2.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>hard links</strong></a>
|
|
<dt><A HREF="tag/3.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>entering into the interactive mode</strong></a>
|
|
<dt><A HREF="tag/4.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>SuSE 8.2 Linux Distribution and Soundblaster 16</strong></a>
|
|
<dt><A HREF="tag/5.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>Kernel Compiling and Framebuffer Device</strong></a>
|
|
<dt><A HREF="tag/6.html"
|
|
><img src="../gx/dennis/qbub.gif" height="28" width="50"
|
|
alt="(?)" border="0"
|
|
><strong>Question about Laplinking</strong></a>
|
|
<!-- index_text ends -->
|
|
</DL>
|
|
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
|
|
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
|
|
<H3 align="left"><img src="../gx/dennis/hbubble.gif"
|
|
height="50" width="60" alt="(¶) " border="0"
|
|
>Greetings from Heather Stern</H3>
|
|
<!-- begin hgreeting -->
|
|
<p>
|
|
Howdy folks, and welcome once more to the world of the Answer Gang.
|
|
In fact, welcome to the dusty virtual garage of your erstwhile Editor
|
|
Gal. I've got the Weekend Mechanic in here passing me a spare wrench
|
|
and hanging out, splitting some ginger beer with me.
|
|
</p>
|
|
|
|
<p>
|
|
Number of threads that came through was a bit low, I guess the summer
|
|
months have people running about and enjoying life instead of hanging
|
|
out by their computers quite so much. Dumb questions of the month
|
|
seem to be at an all-time low ...
|
|
</p>
|
|
|
|
<p>
|
|
So, this time around, the Answer Guy himself, Jim Dennis, asks:
|
|
</p>
|
|
|
|
<h4 align=center>How do you know you can trust these packages?</h4>
|
|
|
|
<p>
|
|
GPG itself is both a cool thing, and an embarrassment. It's fairly well
|
|
available nowadays - free flavors of it for everybody - and some nice
|
|
helpful GUIs try to integrate it into day to day life. But there's a
|
|
problem - it's not easy enough... and that's built into the way
|
|
it has to work. It's an embarrasment because it's just hard enough to
|
|
really use day to day, that people who probably ought to - don't.
|
|
</p>
|
|
|
|
<p>
|
|
Mind you most people just don't have the patience to get a few solid
|
|
spokes in their web of trust. Mostly they just establish a few
|
|
crosslines here and there to people who knwo them so well they'd trust
|
|
their identity directly anyway.
|
|
</p>
|
|
|
|
<p>
|
|
So how do we really know kernel.org's key is ... well, itself?
|
|
If the webserver got mucked with, how do you know this wasn't a target?
|
|
For some random distribution, how do we know our install discs are safe?
|
|
</p>
|
|
|
|
<p>
|
|
Well, we buy them, and they're on a pressed CD, so we know they came
|
|
from that vendor, so...
|
|
</p>
|
|
|
|
<p>
|
|
Nice try. A lot of people get a free or cheap disc from a less perfect
|
|
source. And it certainly hasn;t happened to any Linux vendor yet, but
|
|
in the mswin world an occasional software vendor <em>has</em> mistakenly
|
|
shipped a trojan or a virus. Being a commercial pressing is good, but
|
|
isn't really a guarantee.
|
|
</p>
|
|
|
|
<p>
|
|
Commercial distros restrict who can commit to the product release, and
|
|
that can be considered a good thing. Debian's build servers use GPG to
|
|
very the identity behind a package sent to them. But what we, the
|
|
sysadmins and other users, can't be really sure of which build server a
|
|
given rpm or eb or tarball <strong>really</strong> came from. Some of
|
|
the systems allow checking that the download server you have reached is
|
|
authentic. But if it got sent junk - ouch. I think it even happened to
|
|
one of the distros once, though they spotted it in very short order.
|
|
</p>
|
|
|
|
<p>
|
|
Build computers should automagically sign packages, the way mail passing
|
|
through a system gets marked up with a Received: header. In fact the
|
|
analogy is pretty good - right down to dirty liars forging a few fake
|
|
ones behind themselves when they want to send junk. But then folks like
|
|
you and I have to be able to establish that the keys are good. And that
|
|
process takes human energy.
|
|
</p>
|
|
|
|
<p>
|
|
Why? Because we can't just have the computers randomly make up keys. A
|
|
person's got to create a key, sign itself, get a few of his buddies to
|
|
sign the key, really use it. As a web of trust grows, a key identity
|
|
is well known, and you could say you recognize a given key as good the
|
|
way many people can recognize a particular actress or other public
|
|
figure. You gotta hand it to the debian guys for keying with each other
|
|
so they can be sure of who's sending what... but that's for sending them
|
|
up to their core servers. The build servers work automatically to
|
|
crank out official .deb files, but WE can't tell where they were built.
|
|
Even if the build server did sign these packages (good idea) then how do
|
|
you and I know the key is trustable. Let's get serious, it's pretty
|
|
hard to get a silicon lifeform to come to dinner and show you its state
|
|
ID or some of the other things people do to prove they're themselves.
|
|
Ok, so the sysadmins sign the key. But you can't just have the key
|
|
with no passphrase - if you did that, anyone who somehow got to it could
|
|
steal it, then use it to build wicked packages all they liked. No way.
|
|
So you end up with a critical system which has to have someone take a
|
|
look at it and load up the key again if it has to reboot.
|
|
</p>
|
|
|
|
<p>
|
|
Maybe if we have more than a few sysadmins know the fingerprints of
|
|
these keys that should be so well known, it'd become reasonable to have
|
|
checkable signed packages. In fact let's go one further, the rules or
|
|
spec or whatever it is inside a package that makes it something more
|
|
than a tarball, should be signed by the coder responsible for the
|
|
package. And if they don't check out we don't care which totally
|
|
trustable build server built this toy. And let's get these important
|
|
keys' fingerprints into some places that can't be cracked and spoofed.
|
|
Get these things into printed
|
|
manuals, into magazines (maybe just a few at a time, random good ones
|
|
that the staff have managed to verify), and onto pressed CD covers
|
|
where applicable.
|
|
</p>
|
|
|
|
<p>
|
|
Okay. Say you've all your ducks in a row and all sorts of things are
|
|
signed... and verifiable. Everybody knows who everybody is. Then we
|
|
narrow the field of problems down to the merely ordinary - once you know
|
|
who's who, then you can really ask yourself if they know what's what or
|
|
are doing what's right.
|
|
</p>
|
|
|
|
<p>
|
|
But at least you know who you're talking to and who you're getting your
|
|
bits from.
|
|
</p>
|
|
|
|
<!-- end hgreeting -->
|
|
|
|
|
|
|
|
|
|
<!-- *** BEGIN author bio *** -->
|
|
<P>
|
|
<P>
|
|
|
|
<!-- *** END author bio *** -->
|
|
|
|
|
|
<!-- *** BEGIN copyright *** -->
|
|
<hr>
|
|
<CENTER><SMALL><STRONG>
|
|
Copyright © 2003, .
|
|
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
|
|
Published in Issue 93 of <i>Linux Gazette</i>, August 2003
|
|
</STRONG></SMALL></CENTER>
|
|
<!-- *** END copyright *** -->
|
|
<HR>
|
|
|
|
<!--startcut ==========================================================-->
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<A HREF="lg_tips.html"><< Prev</A> | <A HREF="index.html">TOC</A> | <A HREF="../index.html">Front Page</A> | <A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue93/lg_answer.html">Talkback</A> | <A HREF="../faq/index.html">FAQ</A> | <A HREF="lg_bytes.html">Next >></A>
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</BODY></HTML>
|
|
<!--endcut ============================================================-->
|