Hacker News new | past | comments | ask | show | jobs | submit
noosphr | on: AI agent runs amok in Fedora and elsewhere
Every day the gpg web of trust looks better. If only we didn't spend the last 20 years trying as hard as possible to do anything but allow user side encryption and signing.
pjc50 | parent | next
It's allowed perfectly fine, it's just that key management is a massive hassle for nontechnical users. Debian use it for authenticating developers.
literalAardvark | parent | next
Nothing really stopping an agent from getting a key
crote | root | parent | next
The agent can't exactly show up to an in-person key signing party, can it?

And how many people are both dedicated enough to go to key signing parties and stupid enough to let an agent act without supervision in the name of their real-world identity?

m4rtink | root | parent | next
In this case the nathan-bot was also still on a plausible side - all the PRs looked kinda trivial & there were not outright rejections that would be a red flag for a maintainer checking the GitHub account activity during PR review.

Mucking with Bugzilla & reassigning bugs especially is what seems to have led to the discovery, rather than spotting an accumulation of nonsensical PRs or other behavior related to code unmasking the bot.

brazzy | root | parent
If gpg-style web of trust became ubiquitous, it would require correspondingly less dedication.

And on the other hand, if this was actually working up to an xz style supply chain attack, the dedication would certainly not be lacking.

account42 | root | parent
But it would leave more of a trail - do we have any idea who Jia Tan actually was?
brazzy | root | parent
If everyone used a gpg-style web of trust based on key signing parties, it would become trivial to use a stolen or entirely fictious identity as well - there's zero chance those parties would actually check identities in ways that cannot easily be defeated by a determined and resourceful attacker.
thwarted | root | parent | next
Having a key isn't a distinguishing aspect, it's the position in the "web of trust" network that is important.
thewebguyd | root | parent | next
That's what key signing parties are for. In person verification.
transmit101 | root | parent
> Nothing really stopping an agent from getting a key

It very much is possible to prevent an agent from having access to a key. For example, local encryption, Yubikey or other hardware device, or just running the agent in an isolated environment.

mistrial9 | parent
Isn't true that a collection of truly difficult behavior was also attracted to the original efforts, and within a few years there was intractable corruption in that, but it was difficult to detect as a new entrant?

real info welcome as I really do not claim to know it