Tuesday, June 30, 2015

BSDCan 2015 Trip Report: Vsevolod Stakhov

During the BSDCan 2015 conference, I have attended the FreeBSD developers summit. I was particularly interested in the track called "Designing Universal Configuration Files for FreeBSD". As I'm the author of the library that was discussed,  I did a talk about library internals and discussed some open questions with Jonathan Anderson, David Chisnall and Allan Jude. We have planned some proposal changes, the interaction with libnv and casper and the following integration of UCL into FreeBSD base system. We have also discussed the desired features and Jonathan suggested a reasonable approach to implement missing ones.

Moreover, during the conference I have finished the feature of flexible dependencies in `pkg'. We have discussed this feature among all pkg developers that were also on BSDCan (namely, bapt@, matthew@ and bdrewery@). I've proposed my view of the future packages dependencies that would resolve the vast majority of the current issues with dependencies and upgrades. I'm going to write a detailed report about this feature to the pkg@ mailing list (I was just too busy with other tasks after the conference).

Another question we've discussed was the problem of digital signatures for packages and distributions. We have concluded that moving from RSA to ed25519 algorithm would simplify pkg architecture by avoiding linking to openssl (which is quite complicated for all openssl versions supported).

Further, after Ted Uagnst presentation I have a conversation with him and John-Mark Gourney (jmg@) about digital signatures formats, compatibility with OpenBSD signify tool and packages signing questions including the ways of how to verify signatures of untrusted sources with potentially malleable signing algorithms.

Afterwards, I've talked with Colin Percival (cpersiva@) asking for his comments about streamlined signatures scheme proposed by D.J. Bernstein. He agreed that this scheme might work securely providing a more convenient users' tool for digital signatures verification and creation.

Among other topics, I have discussed cryptography and security with John-Mark Gourney. We have also talked about '/dev/random' and fortuna upcoming patch. We discussed numerous topics about FreeBSD packages and pkg tool in particular with Baptiste Daroussin, Bryan Drewery and Matthew Seaman.

I have also extracted a lot of valuable information from BSDCan topics, namely from 'CloudABI' given by Ed Schouten and 'Protecting FreeBSD with Secure Virtual Architecture' given by John Criswell.

I'd like to thank the FreeBSD Foundation for giving me the possibility to attend the BSDCan 2015!

No comments:

Post a Comment