[atomic-devel] CentOS Atomic Host SIG Proposal
- From: R P Herrold <herrold owlriver com>
- To: Jason Brooks <jbrooks redhat com>,	"The CentOS developers mailing list. " <centos-devel centos org>
- Cc: atomic-devel projectatomic io
- Subject: [atomic-devel] CentOS Atomic Host SIG Proposal
- Date: Fri, 25 Jul 2014 17:50:44 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 25 Jul 2014, Jason Brooks wrote:
> I've uploaded [0] a test image for a Project Atomic [1] host 
> based on CentOS 7 [2], intended to help with the development 
> of an official CentOS 7 image as part of the CentOS Atomic 
> SIG [3]. ...
Jason, would you please be so kind as to GnuPG 'clearsign' [1] 
the SHASUM file with a key of record at the MIT keyserver, 
and hopefully endorsed by someone on the list at [2].  There 
are several Red Hatters and Fedorians
The security model for distributing these blobs is potentially 
broken as your initial post makes it.  
	- Hypothetically, a Dr Evil, or a MitM, could subvert 
	both the images and the SHASUM file.  
	- Transit is over a non-SSL-protected channel and so 
	subject to invisible MitM.  
	- I do not know the provenance of an unnamed IP on 
	the internet.  
	- It is not clear how the distribution is maintained 
	or potentially shared with anonymous others.
If the image was built by a scripted process, I would also 
appreciate seeing such automation scripting as well.
Thanks, 
- -- Russ herrold
[1] http://orcorc.blogspot.com/2008/08/gnupg-few-minutes-on-using-detached-and.html
[2] https://pgp.mit.edu/pks/lookup?op=vindex&search=0x311875419B649644
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlPS0TkACgkQMRh1QZtklkROOgCgnivw1/qwrhYeIWKjvUFNI79M
Yx4An3WCPjLH9TZcH9ciM6z1OqIrSXMP
=MUkP
-----END PGP SIGNATURE-----
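
The check requested in the message above, as an added example that is not part of the original post: the checksum list is trusted only when a pinned key made a valid signature over it, and the image is then compared against the signed text alone. The file names, the SHA-256 `sha256sum` line format and the fingerprint variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: trust a checksum list only if a pinned key signed it.
# Assumed (hypothetical) names: SHA256SUMS.asc, sums.txt, PINNED_FPR.

# Read `gpg --status-fd` lines on stdin; succeed only if a VALIDSIG line names
# the pinned fingerprint ($1, 40 uppercase hex digits, no spaces) as the
# signing key (field 3) or as its primary key (field 12).
signed_by() {
    [ -n "$1" ] || return 1
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $12 == want) { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# $1 = clearsigned checksum file, $2 = pinned fingerprint, $3 = output file.
# Writes only the text covered by the signature to $3, so lines placed
# outside the signed region of $1 are never consulted.
extract_signed_sums() {
    status=$(gpg --batch --yes --status-fd 3 --output "$3" --decrypt "$1" \
        3>&1 1>/dev/null 2>/dev/null) || return 1
    printf '%s\n' "$status" | signed_by "$2"
}

# $1 = verified checksum list, $2 = downloaded image.
# Fails if the image is not listed or its digest differs.
check_image() {
    name=$(basename "$2")
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$1")
    [ -n "$want" ] || return 1
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Usage (fingerprint obtained out of band, not from the download server):
#   extract_signed_sums SHA256SUMS.asc "$PINNED_FPR" sums.txt &&
#       check_image sums.txt centos-atomic.qcow2
```

Checking the fingerprint from the status output, not only gpg's exit code, matters because gpg also reports success for a good signature from any other key present in the local keyring.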