[lsb-discuss] [Webdevel] Key for signing downloadable printer driver packages
Till Kamppeter
till.kamppeter at gmail.com
Thu Oct 9 15:06:35 PDT 2008
Theodore Tso wrote:
> On Thu, Oct 09, 2008 at 10:49:55PM +0200, Martin Pitt wrote:
>> openprinting.org already goes into the right direction by offering a
>> separate repository for each driver, so the repos can be enabled
>> individually depending on which driver the user wants.
>>
>
> Not that I want to dissuade distributions from trusting Linux
> Foundation staff :-), but does the separate repository really provide
> enough of a benefit to be worth the annoyance to the end user of
> determining which repos they need to enable?
>
The idea of having one repository for each driver is the following: A
user has for example an Epson inkjet printer which works perfectly with
the locally installed Gutenprint driver. Now he adds a Lexmark printer
which needs a driver which is not part of the distro and therefore not
locally installed. system-config-printer asks Jockey to look for a
driver for the detected printer. Jockey installs the driver which
Lexmark has uploaded into the OpenPrinting archive and adds the
repository in which the Lexmark driver is to /etc/apt/sources.list, so
that the system automatically finds updates of the driver. Imagine that
all drivers on OpenPrinting are in one repository. Then this repository
gets added and so also the Gutenprint driver gets updated by automatic
updates. This can lead the Epson inkjet to stop working if a newer
version of Gutenprint has a regression bug. With each driver having its
own repository only the drivers which the user has actually taken from
OpenPrinting get auto-updated.
> Without the fine-grained access controls, what would happen if a bad
> guy breaks into an external third party repository, and drops in a
> package for sshd with a higher version number? If instead of one
> repository, you have 100 repositories, it would be annoying for end
> users to figure out which one of the 100 repositories they need to
> enable for their printer(s), and the cost to the attacker is they
> might have to install 99 hard links. :-)
>
The enabling of the repositories is done automatically by Jockey. If it
installs a driver, it activates its repository; if it uninstalls the
driver, it deactivates its repository. So even if OpenPrinting will have
200 repositories, there will be no machine in real life having so many
repositories. An office print server has perhaps 5 different printers
and a CUPS server catering for all 10000 cashier desks of a supermarket
chain has 10000 queues, but probably these printers are only very few
different models and so there are not more than 3 or 4 drivers.
> Maybe the right answer is we have a master repository which we can
> offer the distros to mirror, with perhaps a weekly or monthly update
> cycle, and the distros can do whatever quality checking their
> professional paranoids decide is necessary before they rebroadcast out
> to their customers? We'd still need to have signing keys, of course,
> but the question is what we need to do in order to assure that distros
> will be willing to consume our drivers.
If the distro rebroadcasts the drivers, they could rearrange them to
have fewer repositories if they want. And they can still use our large
number of repositories to easily exclude an unwanted driver (I hope they
will never need to do so).
Till
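
An added example, not part of the original message and not OpenPrinting or Jockey code: one way to check the concern raised in the thread, that a per-driver repository might carry a package it has no business shipping (the sshd case). It parses an APT Packages index and reports every entry outside an allowlist; the index contents, package names and the allowlist are constructed assumptions.

```python
# Audit a driver repository's Packages index against the package names
# that repository is expected to ship. All sample data is constructed.

SAMPLE_PACKAGES_INDEX = """\
Package: example-lexmark-driver
Version: 1.2-1
Architecture: amd64
Description: constructed sample driver package
 continuation line of the description

Package: openssh-server
Version: 1:99.0-1
Architecture: amd64
Description: constructed entry that does not belong in a driver repo
"""


def parse_packages_index(text):
    """Parse control-file stanzas into a list of dicts (field -> value)."""
    stanzas, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():            # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last_key = {}, None
        elif line[0] in " \t":          # continuation of the previous field
            if last_key:
                current[last_key] += "\n" + line.strip()
        elif ":" in line:               # "Field: value"; split on first colon
            key, _, value = line.partition(":")
            last_key = key.strip()
            current[last_key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def unexpected_packages(index_text, allowed_names):
    """Return (name, version) for every package not on the allowlist."""
    return [(s.get("Package", "<missing name>"), s.get("Version", ""))
            for s in parse_packages_index(index_text)
            if s.get("Package") not in allowed_names]


if __name__ == "__main__":
    allowed = {"example-lexmark-driver"}  # hypothetical per-repo allowlist
    for name, version in unexpected_packages(SAMPLE_PACKAGES_INDEX, allowed):
        print(f"unexpected package in driver repo: {name} {version}")
```
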