Opened 8 years ago

Closed 8 years ago

#5260 closed task (fixed)

Make ldap account for marlowe

Reported by: marlowe
Owned by:
Priority: Medium
Milestone:
Component: Company
Version:
Severity:
Keywords:
Cc: weasel, arma, phobos, marlowe@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

We should make an account for marlowe so he can have access to the rpm git repo

Preferred username: marlowe
first/middle/last name: Patrick Ryan McDonald
forwarding email address: marlowe@…
pgp key fingerprint: FEF9 1952 38AC F8F6 E2DB C654 04F8 9D1C A2D1 E972

Change History (11)

comment:1 Changed 8 years ago by arma

I agree that we should, but: this key is signed only by marlowe? Do you know anybody near you that we know that you could get to sign it?

comment:2 Changed 8 years ago by mikeperry

arma must be testing if I'm watching the bugs list... I do have concerns about giving ldap accounts to every random person, but requiring that some random friend of a friend meet them in person is not the right bar, imo..

What is the concern here? What risks do we incur by giving an owner of a gpg key some level of access to our infrastructure? How many of these risks still exist if we simply make sure that the owner of this gpg key is actually the same person who volunteered to make rpms for us?

I'm not saying there is no risk... I'm just wondering what problems we're trying to solve by requiring an arbitrary person to meet someone else in person.

comment:3 Changed 8 years ago by marlowe

Cc: marlowe@… added

I will see what I can do about getting my key signed by some people known by the Tor project. Is there anything else I need to provide?

comment:4 Changed 8 years ago by mikeperry

marlowe: I've developed a magical ritual that should obviate the need to get your papers inspected and your orifices sniffed by concentric rings of unwashed beardos:

  1. Post a url here to something signed with your key (preferably wherever you are currently hosting your rpm prototypes).
  2. Verify your own signature yourself from two or more different tor circuits, to ensure you weren't MITM'd on your end.
  3. We'll perform the same verification on our side, to ensure we see the same key.

All we really care about in terms of key authentication is that whoever is building rpms is the same person as who was volunteering to do so. We don't really care about your name or your government-issued ID. Or at least we shouldn't...

However, for my own peace of mind, it would be nice if we could find some way to authenticate that the rpms you produce actually come directly from the git sources. I.e.: someone else can take the .spec file, the sources from git, and the patch set and build an identical rpm on a clean VM with the same sha1sum. See #3688.

I'm not sure how we can do this and also have signed rpms, though.. But maybe there is a way to strip the signature from an RPM and then take the sha1sum?
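
The closing question in the comment above asks whether a signed RPM can be compared by hash against an independent rebuild. As an added example (not part of the ticket and not Tor Project code), the following skips the lead and signature header and hashes only the main header and payload, assuming the RPM v3/v4 file layout of lead, signature header, main header, payload. The function names and sample bytes are constructed for illustration, and SHA-256 is the default where the ticket mentions sha1sum.

```python
import hashlib
import struct

LEAD_SIZE = 96                    # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8"    # header-structure magic; a version byte follows


def unsigned_offset(rpm: bytes) -> int:
    """Offset of the main header, i.e. the first byte past the signature header."""
    if len(rpm) < LEAD_SIZE + 16 or rpm[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM lead")
    if rpm[LEAD_SIZE:LEAD_SIZE + 3] != HEADER_MAGIC:
        raise ValueError("signature header magic missing")
    # magic(3) + version(1) + reserved(4), then index-entry count and store size
    nindex, hsize = struct.unpack(">II", rpm[LEAD_SIZE + 8:LEAD_SIZE + 16])
    end = LEAD_SIZE + 16 + 16 * nindex + hsize
    end += -end % 8               # signature header is padded to 8 bytes
    if end > len(rpm):
        raise ValueError("truncated signature header")
    return end


def content_digest(rpm: bytes, algo: str = "sha256") -> str:
    """Hash the main header and payload only, skipping lead and signatures."""
    return hashlib.new(algo, rpm[unsigned_offset(rpm):]).hexdigest()


def constructed_rpm(sig_store: bytes, body: bytes) -> bytes:
    """Build an RPM-shaped byte string (constructed sample, not a real package)."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    entry = struct.pack(">IIII", 1002, 7, 0, len(sig_store))  # one BIN entry
    sig = (HEADER_MAGIC + b"\x01" + bytes(4)
           + struct.pack(">II", 1, len(sig_store)) + entry + sig_store)
    sig += bytes(-(LEAD_SIZE + len(sig)) % 8)
    return lead + sig + body


# Constructed inputs: identical header+payload, different signature sections.
BODY = HEADER_MAGIC + b"\x01" + bytes(12) + b"constructed payload bytes"
REBUILT = constructed_rpm(b"digest-only", BODY)
RELEASED = constructed_rpm(b"digest plus constructed signature blob", BODY)

if __name__ == "__main__":
    print("content match:", content_digest(REBUILT) == content_digest(RELEASED))
    print("whole-file match:",
          hashlib.sha256(REBUILT).digest() == hashlib.sha256(RELEASED).digest())
```

A matching content digest shows that the signed release and the independent rebuild carry the same header and payload; it does not replace verifying the signature itself.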

comment:5 in reply to: 1 Changed 8 years ago by runa

Replying to arma:

> I agree that we should, but: this key is signed only by marlowe? Do you know anybody near you that we know that you could get to sign it?

I have met marlowe before, he has my phone number, and I will be able to recognize his voice if he calls to verify the fingerprint of his public key. Will this be sufficient?

comment:6 in reply to: 5 Changed 8 years ago by mikeperry

Replying to runa:

> Replying to arma:
>
> > I agree that we should, but: this key is signed only by marlowe? Do you know anybody near you that we know that you could get to sign it?
>
> I have met marlowe before, he has my phone number, and I will be able to recognize his voice if he calls to verify the fingerprint of his public key. Will this be sufficient?

That works for me, though technically you should sign something that says his fingerprint is the same as the above. If you just comment here without a signature, we're just relying on trac security...

But my comment about reproducible builds still stands. No matter how many people have smelled marlowe, his build machines could still get compromised.

comment:7 Changed 8 years ago by weasel

Mike, this isn't the place for your rants against the web-of-trust or pgp keysigning in general. Take that elsewhere, thanks.

comment:8 Changed 8 years ago by weasel

Owner: weasel deleted
Status: new → assigned

ping me when y'all have figured out if the original request as such should be handled.

comment:9 Changed 8 years ago by arma

Cc: weasel added

I say we proceed with making the account. marlowe should get his key signed, and meet more Tor people, but that shouldn't block making our rpms not suck.

I agree with Mike about his hope of making reproducible rpms. That should be a separate ticket, or just something marlowe keeps in mind, once this ticket is resolved.

comment:10 in reply to: 7 Changed 8 years ago by mikeperry

Replying to weasel:

> Mike, this isn't the place for your rants against the web-of-trust or pgp keysigning in general. Take that elsewhere, thanks.

Weasel, I was not just ranting, I was proposing an alternate protocol for key authentication. I do not believe we should force individuals to divulge their name and/or participate in a broken process when alternatives are available. I reiterated my feelings only because arma seemed to be advocating actually participating in the government-authenticated and social-network based WoT process as if it were the only option we have for authenticating keys.

I also don't believe volunteers should be forced to divulge their social circle as a requirement for joining the project, even if their social circle doesn't happen to enforce the government-authenticated identity aspect of the WoT.

I believe these things very strongly. I am sorry if you feel that proposing alternative authentication mechanisms constitutes ranting against the WoT.

However, now I /am/ ranting. But you have only yourself to thank for that ;)

comment:11 Changed 8 years ago by weasel

Resolution: fixed
Status: assigned → closed

Final information collected:

Patrick Ryan McDonald <marlowe@…>:

Assigned UID: 2032 GID: 2032
Email forwarded to: marlowe@…
GECOS Field: "Patrick Ryan McDonald"
Login Shell: /bin/bash
Key Fingerprint: FEF9195238ACF8F6E2DBC65404F89D1CA2D1E972

Continue [No/yes]? yes
Updating LDAP directory..
