From: Aaron Bentley
Subject: Re: [Gnu-arch-users] Re: Common merge request format
Date: Tue, 13 Apr 2004 01:35:44 -0400
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

James Blackwell wrote:
> Robin Green wrote:
>> In a coding context I think trust is gained through submitting lots of good code - not through having a key with a strong signature path between the submitter and the recipient.
>
> Then Aaron Bentley wrote:
>> What would happen if mail.gnu.org were compromised? It could insert false signatures, which you'd gradually grow to trust.* Then the cracker sends you a signed merge request with a trojan. What are you likely to do?
>
> No, it can't insert false signatures -- at least not any of any significance.

I think it could. I'm pretty confident that the mail signed by e.g. Andrew Suffield is, in fact, produced by a knowledgeable and skilled person, (who is also a bit grumpy at times). Without further thought, I'd trust code that had that signature affixed. I trust Andrew not to produce malware.

But is that key in fact his? I've never met him, and he's never given me his fingerprint. My only experience with that key is through the list. So ultimately, I have to trust the list; trust that it's not reprocessing his messages to affix its own signatures. And if I don't trust the list, I can't be sure that the next message I get with that key really comes from Andrew.

This is not a serious concern for me, just a counterargument to Robin's statement.
Aaron