Securing Rocketfuel

Registered by Stuart Bishop on 2005-10-22

Currently code committed to rocketfuel is signed by a GPG key stored on chinstrap and stored on chinstrap. Code is then pulled from rocketfuel to all of the database and production servers and run. This means that if chinstrap's pqm user is compromised all of our production systems may shortly follow and would be considered tainted, soon including the distribution itself, and from there the attack flows to our millions of users using automatic updates.

Chinstrap is a general access box with lots of accounts and literally hundreds of attack vectors making it the most likely box to fall to attack.

Blueprint information

Status:
Complete
Approver:
James Troup
Priority:
High
Drafter:
Stuart Bishop
Direction:
Approved
Assignee:
Robert Collins
Definition:
Approved
Series goal:
None
Implementation:
Implemented
Milestone target:
None
Started by
Stuart Bishop on 2006-08-16
Completed by
Stuart Bishop on 2006-08-16

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.