[PATCH] build: sign tarball instead of sha256sum

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 15 08:35:46 PDT 2019


On Fri 2019-03-15 10:50:34 -0300, David Bremner wrote:
> Adam Majer <amajer at suse.de> writes:
>
>> The (my?) expectation is that a *.asc file is a detached signature. 
>> That's why GPG is warning when it is not a detached signature. But I can 
>> live with .sha256.asc if there is no .sha256 ;)
>
> Right, aren't detached signatures preferred in general? Or am I
> misremembering some gpg folklore?

Detached signatures are recommended for several reasons:

 * They can handle non-textual data
 
 * They are not confused by varying character sets/encodings of textual
   data

 * They clearly demarcate what is being signed (text documents with
   inline signatures can include arbitrary cruft before the signed text,
   or after the signature)

 * gpg (and gpgv)'s API has traditionally been ambiguous about what it
   means to say "gpg --verify foo.asc" depending on whether foo (without
   the ".asc") exists.  This API "shortcut" has a nasty failure mode,
   because an attacker can ship you an arbitrary "foo" and an
   inline-signed document as "foo.asc".  in that case, you might be
   surprised to find that while the signature verifies, it has nothing
   to do with "foo".


I don't think these situations are relevant for the case of a signed
sha256sum file verified in a sensible way:

 * we're dealing with textual data, guaranteed to be US-ASCII.
   Verifiers can explicitly make that assumption.

 * Modern versions of gpg (and gpgv) have an --output argument when
   validating a signature, making it much easier to see what
   specifically was signed, and avoiding any ambiguity about weird
   "foo.asc + unrelated foo" use cases (see my use of --output in the
   pipeline example upthread)


Detached signatures have the additional disadvantage of having to
juggle/coordinate more files when publishing or retrieving a new
release.

For the sake of shipping fewer files with each release, i think it makes
sense to use a clearsigned *.sha256.asc.

   --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20190315/c42827dc/attachment.sig>


More information about the notmuch mailing list