On Wed, Oct 30, 2024 at 04:18:10AM +0100, Johannes Segitz wrote:
On Sun, Oct 13, 2024 at 07:36:39PM +0200, Michal Suchánek wrote:
On Sun, Oct 13, 2024 at 08:58:11AM +0200, Matěj Cepl wrote:
On Fri Oct 11, 2024 at 12:52 PM CEST, Michal Suchánek wrote:
if I understand this correctly intead of decentralized GPG infrastructure sigstore is a centralized service.
I don’t think it is only about centralization/decentralization (or at all). Just duck it and you get plenty of pages like [1] with a long list of gripes against PGP/GPG on purely technical basis.
GPG/PGP is supserseded for most purposes. However, for signing distributed binaries I have yet to see a proposed alternative that is actually technically at least on par with GPG/PGP.
I agree. GPG/PGP really has its issues (even on security mailing lists like distros people struggle with it, so how usable is if for others?), but package signing is a well established mechanism.
sigstore has advantages, but also some serious drawbacks. Being able to authenticate to the service at the time you request the signature isn't on the same level as accessing a properly stored key.
But one of the great features of signatures is that you can just do multiple. You mostly don't have that luxury when it comes to confidentiality. I would see value in the additional use of sigstore, but I would be really hesitant to drop GPG/PGP for that.
The signify tool proposed here is acutally aiming to replace GPG/PGP for signatures of packages, and seems somewhat workable. It throws away all unneeded features to the point of supporting one hash, ane signature algorithm, one key format, one signature format. That might be sort of OK, and there is a vague plan for changing the algorithms/formats as requirements change (to another single one supported from then on) but the practicability of the plan is not tested. Another weak point of signify is key management. It's actually a weak point of GPG as well. While in GPG the key management is overeingineered to the point of near unintelligibility in signify it is non-existent. The single key-management feature that was added after initial testing is random 16bit key identifier that makes it possible to distinguish bad signature and signature made with a different key. Thanks Michal