On Mon, 25 Mar 2019 at 14:17, Miroslav Suchý msuchy@redhat.com wrote:
Dne 21. 03. 19 v 13:57 Neal Gompa napsal(a):
Forgive me, but what does sigul do that signd cannot? I'm unaware of any material differences between the two.
Sigul has very strong network isolation against the server and protections on on-disk keys (which are useless without a user passphrase), key binding against hardware (client and/or server-side), supports PKCS11 modules via NSS for the transport layer, and very strong auditing in its logs on what exactly has been signed/decrypted by whom.
When I started Copr I considered both Sigul and OBS signd. I spent several hours with Mirek Trmač - original author of Sigul and we talked about the pros and cons. It is several years, but IIRC:
Sigul allows better isolation. It even has its own transport layer. When you want to generate new private key, the procedure is very strict. (That was cons for Copr as we had to automate this step). No one is using Sigul but Fedora and RHEL.
I would like to point out that this conclusion is wrong: there are more parties using it, but not many of them are as well-known as Fedora, and most of them do not (want to) publish about their usage of it.
I can even say it is upstream dead, there are only fixes which keep it alive (like Py3 migration).
Additionally, I would not call it dead since I took it over, given that I've been adding new features to it over time. There's not a huge set of new features people have been asking for, so I've only been adding what I do hear about or need myself.
The cons of Sigul is that you must transfer whole file to Sigul, Sigul will sign it and send whole file back. Quite painful for some packages which are several hundred MB big. On the other hand this keeps good track of the files which were signed. OBS Sign get just checksum and sign the file base on the checksum. It is fast. OBS Signd is used by several projects. OBS and Copr are likely the biggest ones. It is documented (Sigul not).
What kind of documentation are you missing? I'd like to point out that the project README contains a reasonable set of instructions on how to get it set up and how to use the most common operations.
And it gets some enhancements over time - the pace is very slow, but better than Sigul. While OBS Signd was designed for OBS it is nicely isolated and can be used as standalone module.
My conlusion for Copr was - OBS Signd is secure enough for Copr so we rather cooperate with other distribution on common project rather than keeping alive project with unknown future.
Miroslav _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...