Development mailing list

Syndicate content
Archive of posts for haiku-development at FreeLists
Updated: 31 min 1 sec ago

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Wed, 2014-04-16 15:45
On 26.03.2014 22:49, Jonathan Schleifer wrote: Am 26.03.2014 um 22:29 schrieb Ingo Weinhold ingo_weinhold@xxxxxx: How is supporting multiple algorithms in one format different from supporting different formats versions with one algorithm each in this respect? In either case the older algorithm can easily be disabled when it is no longer considered secure. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Wed, 2014-04-16 09:45
On 26.03.2014 21:47, Jonathan Schleifer wrote: Am 26.03.2014 um 21:19 schrieb Ingo Weinhold ingo_weinhold@xxxxxx: On 26.03.2014 04:08, Jonathan Schleifer wrote: Am 25.03.2014 um 21:55 schrieb Ingo Weinhold ingo_weinhold@xxxxxx: ...
Categories: Development

[haiku-development] Re: Please don't require cmd:gcc / cmd:g++ in recipes (Andrew Hudson)

Tue, 2014-04-15 23:45
Yes, currently, clang calls gcc for linking, which would result in calling itself then ;). Lol! There's something very, recursive and poetic about that. ...
Categories: Development

[haiku-development] Re: Please don't require cmd:gcc / cmd:g++ in recipes (Jonathan Schleifer)

Mon, 2014-04-14 16:45
Am 29.03.2014 um 21:48 schrieb Axel Dörfler axeld@xxxxxxxxxxxxxxxx: Am 28/03/2014 22:42, schrieb Jonathan Schleifer: … and use cmd:cc / cmd:c++ instead. As long as the two aren't completely compatible and interchangeable (as in drop-in replacement), Clang is designed as a drop-in replacement indeed. And that works for most software quite well. The exception is software that depends on heinous GNU ...
Categories: Development

[haiku-development] Re: Please don't require cmd:gcc / cmd:g++ in recipes (Axel Dörfler)

Mon, 2014-04-07 19:45
Am 28/03/2014 22:42, schrieb Jonathan Schleifer: … and use cmd:cc / cmd:c++ instead. As long as the two aren't completely compatible and interchangeable (as in drop-in replacement), that change doesn't make sense (as they actually could not be built with clang), and if they are, it's not needed, as clang could just provide g++ and gcc, too. ...
Categories: Development

[haiku-development] Please don't require cmd:gcc / cmd:g++ in recipes (Jonathan Schleifer)

Mon, 2014-04-07 11:45
… and use cmd:cc / cmd:c++ instead. The reason is that currently, each of our recipes depends on GCC, even though I'm sure many could be built with Clang. GCC already provides cc and c++, and so could Clang do. New platforms could theoretically be Clang only (I'm considering doing that for PPC, as our GCC is currently giving problems there) and this would also make using Clang easier (if we want to go that route - maybe this is something we should vote on). -- ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Sun, 2014-04-06 23:45
Am 28.03.2014 um 22:12 schrieb Urias McCullough umccullough@xxxxxxxxx: I just think that we can solve Jonathan's concerns right away by adding a list of hashes for each of our downloaded packages used at build time in our Git repo and verifying them on download... whereas adding a full signing mechanism will take longer. Actually, it's part of the solution. We would need to throw away all current packages and do a new bootstrap build, then rebuild them all. Why? Because if we fix the issue, we still can't know if it didn't already happen. The NSA has ...
Categories: Development

[haiku-development] Re: Design for signed packages (Urias McCullough)

Sun, 2014-04-06 09:45
On Fri, Mar 28, 2014 at 2:06 PM, Julian Harnath julian.harnath@xxxxxxxxxxxxxx wrote: Urias McCullough umccullough@xxxxxxxxx schrieb: I don't understand how that's significantly different from simply maintaining hashes of all the binaries in our source control and verifying them during download. There's really no need to sign them assuming we trust devs who have commit access already. The advantage of signing over a simple hash is that it depends on the private key, which is well, private. An attacker who could gain access ...
Categories: Development

[haiku-development] Re: Design for signed packages (Julian Harnath)

Sun, 2014-04-06 02:45
Urias McCullough umccullough@xxxxxxxxx schrieb: I don't understand how that's significantly different from simply maintaining hashes of all the binaries in our source control and verifying them during download. There's really no need to sign them assuming we trust devs who have commit access already. The advantage of signing over a simple hash is that it depends on the private key, which is well, private. An attacker who could gain access to our package repo server could simply exchange the binaries and change the hashes. It's also easy to do a man-in-the-middle attack, changing ...
Categories: Development