trusted, decentralized development and deployment

talking about hacked debian (btw. isn’t it typical that the pgp signature was missing in the first post?):

according to ripclaw, the new debian-based linux distro adamantix (formerly known as trusted debian) supports package signing. nice to see that there’s finally a linux distro taking security seriously.

i tried to convince gentooers long enough to introduce package signing (the currently used portage architecture is highly insecure despite sandboxing). i therefore made a (actually pretty simple – remember “kiss”) concept and a prototype, but i lacked the interest to do the necessary clearing of the rampant portage code base (take a look at its “architecture” and source code and you know what i’m talking about ;) for a production quality implementation. several later attempts by gentoo devs to implement a production quality package signing feature for portage had no success (probably for the same reason). now the core-devs are finally thinking aloud about a portage rewrite from scratch (this time hopefully using a more sophisticated architecture, wiser decisions and a better implementation), a thing gert suggested (and actually started doing) about 1.5 years ago already.

the trouble with package-signing is not only a technical one (implementing a secure architecture can be pretty difficult). depending on the chosen model there are also social consequences. for example my concept was to put users in control instead of devs, which is the right thing to do considering that, in the end, only users can decide whom they trust – through a decentralized trust-model heavily leveraging the already existing openpgp web of trust (why re-invent the wheel?). note that my proposition didn’t make centralization impossible (you could still sign dev keys with a master dev key), but rather enabled decentralization.

one of my intents was to make secure (aka trustworthy), decentralized software development and deployment possible through a decentralized, user-centric package signing trust model. there are many reasons for this, among others (see also those mentioned above) the scalability (mostly qa) and security problems most distros suffer from.
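the user-centric trust model described in the two paragraphs above, as an added example (not the author's prototype and not portage code): the user holds the trust policy, and a package is accepted only if its signature is valid and the signing key is reachable from a user-trusted key through valid key certifications, so trusting a master dev key that certifies dev keys (centralized) and trusting a dev directly (decentralized) both work through the same mechanism. it uses go's standard ed25519 in place of openpgp, and the keys, package bytes and scenario are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is one web-of-trust edge: Sig is Signer's signature over Subject's key bytes.
type Cert struct{ Signer, Subject ed25519.PublicKey; Sig []byte }
// Trust is the user's own policy: keys trusted directly (keyed by raw key bytes),
// and how many certification hops away a package-signing key may still be.
type Trust struct{ Direct map[string]bool; MaxHops int }

// reachable: k is trusted if the user trusts it directly, or a validly signed certification
// links it to a trusted key within the hop budget (the budget also terminates cycles).
func (t Trust) reachable(k ed25519.PublicKey, certs []Cert, hops int) bool {
	if t.Direct[string(k)] { return true }
	if hops >= t.MaxHops { return false }
	for _, c := range certs {
		if string(c.Subject) == string(k) && ed25519.Verify(c.Signer, c.Subject, c.Sig) && t.reachable(c.Signer, certs, hops+1) {
			return true
		}
	}
	return false
}

// VerifyPackage accepts pkg only if sig is signer's valid signature over it and
// the user's own policy reaches signer; the tool never decides trust by itself.
func VerifyPackage(t Trust, certs []Cert, signer ed25519.PublicKey, pkg, sig []byte) bool {
	return ed25519.Verify(signer, pkg, sig) && t.reachable(signer, certs, 0)
}

// Scenario (constructed keys) returns: [accepted via master-certified dev key, accepted via directly trusted dev key, unknown signer rejected, tampered package rejected].
func Scenario() [4]bool {
	master, masterPriv, _ := ed25519.GenerateKey(nil)
	dev, devPriv, _ := ed25519.GenerateKey(nil)
	stranger, strangerPriv, _ := ed25519.GenerateKey(nil)
	pkg := []byte("constructed package contents")
	certs := []Cert{{master, dev, ed25519.Sign(masterPriv, dev)}} // master dev key signs the dev's key
	sig := ed25519.Sign(devPriv, pkg)
	viaMaster := Trust{map[string]bool{string(master): true}, 1} // centralized choice: trust only the master key
	viaDev := Trust{map[string]bool{string(dev): true}, 0}       // decentralized choice: trust this dev directly
	return [4]bool{
		VerifyPackage(viaMaster, certs, dev, pkg, sig),
		VerifyPackage(viaDev, certs, dev, pkg, sig),
		VerifyPackage(viaMaster, certs, stranger, pkg, ed25519.Sign(strangerPriv, pkg)),
		VerifyPackage(viaMaster, certs, dev, append([]byte("x"), pkg...), sig),
	}
}

func main() { fmt.Println(Scenario()) } // prints [true true false false]
```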

btw recently i’ve been very pleased to read that markus aka maol seems to have a similar vision (at least regarding decentralized development and distribution) for crux :)

