 Home |
Products |
Support |
Community |
News |
xen-devel
Re: [Xen-devel] Xen signing and wget [and 3 more messages]
| To: | Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] Xen signing and wget [and 3 more messages] |
| From: | Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx> |
| Date: | Tue, 06 Jul 2010 17:56:23 +0200 |
| Cc: | "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx> |
| Delivery-date: | Tue, 06 Jul 2010 08:56:57 -0700 |
| Dkim-signature: | v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:references:in-reply-to:content-type; s=smtpout; bh=5j9z4tqMxhww4DOzLO7r1r0YwWY=; b=YwlCBA2PGeGTmagF1qwp0+g+lodVmyEWv7PZqUDQmQssRjfvWi3YckIjpwphcyymCeBOo+p81jZsDjGop7PlYMXim45dcpjSZ8B6BagXeOel1Cge0T/hueLF83sDOjHR/xjfqm+oGgHSXs9f68SPtjMO2ut2jAVQTmo0RVAkMgg= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <19507.20664.587547.9953@xxxxxxxxxxxxxxxxxxxxxxxx> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| References: | <4C334B5C.4090305@xxxxxxxxxxxxxxxxxxxxxx> <C8590BA9.198A1%keir.fraser@xxxxxxxxxxxxx> <C8590952.1980C%keir.fraser@xxxxxxxxxxxxx> <4C3347C8.7020603@xxxxxxxxxxxxxxxxxxxxxx> <19507.20664.587547.9953@xxxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100621 Fedora/3.0.5-1.fc13 Lightning/1.0b2pre Thunderbird/3.0.5 |
On 07/06/10 17:50, Ian Jackson wrote:
> Joanna Rutkowska writes ("[Xen-devel] Xen signing and wget"):
>> While the Xen sources have recently become digitally signed by xen.org
>> (which is just great), there is still a problem that its various
>> Makefiles download (and subsequently build) various 3rd party software
>> via wget (e.g. ioemmu, grub, tboot, etc). Unless I'm missing something,
>> the downloaded 3rd part software is never verified in any way.
>
> You are right, and you're right that this could be improved.
>
> I think the correct solution is to have the xen.hg tree contain the
> expected sha hashes of the downloaded items. These files change very
> rarely, we don't really want to be signing them out of context with
> our codesigning keys, we want to make sure you get the corresponding
> version, and downloading and checking a signature as well as the
> tarball would complicate the build (it would start to require gnupg).
>
> So if you would like to prepare a patch to that effect I'd be very
> pleased :-).
>
Sorry, but I'm swamped enough with Qubes-specific things, and just
cannot justify resources for this task at the moment (I don't really
understand the whole Xen build process well, and would have to spend
extra time investigating it).
joanna.
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-devel] [PATCH] x86/mce: use cpu_online() instead of cpu_isset(, cpu_online_map), Jan Beulich |
|---|---|
| Next by Date: | [Xen-API] XCP Community Call #2, Stephen Spector |
| Previous by Thread: | Re: [Xen-devel] Xen signing and wget [and 3 more messages], Ian Jackson |
| Next by Thread: | [Xen-devel] [PATCH] rombios: fix implicit assumption that DS == SS, Tim Deegan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
