[WineHQ] service.cgi fixes

Paul Millar paulm at astro.gla.ac.uk
Tue Jun 15 11:14:46 CDT 2004



Hi Dimi,

I think most security software gives a false sense of security, because a lot
of security problems happen at an ISO-OSI layer 9 (the nut behind the wheel :)

With network security, any activity implies at least some trust. The script 
wasn't brilliant, but pushing the functionality into winrash doesn't really 
solve the problem: we'd still need to verify the binaries somehow, or just 
trust that the binaries are OK.

But, in the meantime, I'll continue generating the sig files (as it happens
automatically) so future gpg verification code has something to test against.

Cheers,

Paul.

On Friday 11 June 2004 22:16, Dimitrie O. Paun wrote:
> On Fri, Jun 11, 2004 at 02:49:21PM +0100, Paul Millar wrote:
> > Why remove the verification of the code's gpg signature?  It seems to 
> > break a basic security maxim: don't trust the network.
> 
> Because the current implementation is b0rken, and it just gives us a
> false sense of security. If we can't trust the network:
>   -- why do we trust the script to tell us to do the verification?!?
>      If anything, we would have to automatically always do the
>      verification, not have a command for it. So a command of
>         download url.foo
>      should implicitly generate a
>         download url.foo.sig
>         gpgverify url.foo.sig
> 
>   -- also, why do we trust the script at all? We should also always
>      sign and verify the script every time. But this will make it
>      rather inconvenient to work with... Oh well, we'll do it if we
>      must. But we have to be careful to NOT accept downloads signed
>      by WineHQ (the sig used to sign the script), because if WineHQ
>      is hacked, all bets are off. In other words, we should trust
>      only human signatures for file download. I'm not sure how easily
>      all this can be implemented in winrash.
> 
> In any event, those two lines in the script that I've removed are
> not the answer. For now I guess we can trust the network.
> 
> 
> -- 
> Dimi.
> 

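The policy Dimi sketches above (every download implies fetching its .sig and verifying it, and a download is accepted only when signed by a human release signer, never by the key that signs the script itself) can be written as a small check over gpg's machine-readable status output. This is an added example, not code from the thread or from winrash; the fingerprints and the status lines fed to it are constructed placeholders, and `gpg --status-fd` is the only real interface assumed.

```python
import subprocess

# Constructed placeholder fingerprints. In practice these would be pinned from
# an out-of-band keyring, not read from the downloaded script.
HUMAN_SIGNER_FPRS = {"A" * 40}
SCRIPT_SIGNER_FPR = "B" * 40   # the key used to sign the service script itself


def sig_url(url: str) -> str:
    """A 'download url.foo' implicitly means 'download url.foo.sig' as well."""
    return url + ".sig"


def parse_gpg_status(status: str):
    """Read gpg --status-fd output and return (good_signature, primary_key_fpr).

    VALIDSIG carries the signing key fingerprint as its first field and the
    primary key fingerprint as its last field; trust is anchored on the primary
    key so a signature made with a subkey still maps to the right person.
    """
    good, fpr = False, None
    for line in status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        tag = fields[1]
        if tag == "GOODSIG":
            good = True
        elif tag == "VALIDSIG" and len(fields) > 2:
            fpr = fields[-1]
        elif tag in ("BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"):
            return False, None   # any hard failure is final
    return good and fpr is not None, fpr


def download_trusted(status: str) -> bool:
    """Accept only a good signature from a pinned human key, never the script key."""
    good, fpr = parse_gpg_status(status)
    if not good:
        return False
    if fpr == SCRIPT_SIGNER_FPR:
        return False   # if WineHQ is hacked, all bets are off
    return fpr in HUMAN_SIGNER_FPRS


def gpg_status(path: str, sigpath: str) -> str:
    """Run gpg over the file and its detached signature, capturing status lines."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify",
                           sigpath, path], capture_output=True, text=True)
    return proc.stdout
```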