Date: Wed, 20 Jun 2018 02:27:46 -0700 From: Stephen Kiernan <hackagadget@gmail.com> To: "Simon J. Gerraty" <sjg@juniper.net> Cc: cem@freebsd.org, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r335402 - head/sbin/veriexecctl Message-ID: <CAEm%2B2uU_k2fwKAs6zN6PB2hd3e906Mxo7HMTgJKF9ErQyWBLSQ@mail.gmail.com> In-Reply-To: <96021.1529475664@kaos.jnpr.net> References: <201806200108.w5K18sIR050132@repo.freebsd.org> <CAG6CVpV124ze%2BY6xX2ZFqbM%2B3hJNEJWR2qpnChpey=PmiW6qXg@mail.gmail.com> <96021.1529475664@kaos.jnpr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 19, 2018 at 11:21 PM, Simon J. Gerraty <sjg@juniper.net> wrote: > Conrad Meyer <cem@freebsd.org> wrote: > > > As a corollary to the above, the name "signature file" is used > > repeatedly in the code, which is misleading. The file contains hashes > > (digests), not signatures (MACs). The file itself is unsigned. > > Nothing about this has signatures. > I think you mean "signature". I belive the only place that says "signature file" is the veriexecctl. And that was in the original sources from NetBSD. For example, see the currentl veriexecctl in NetBSD and it still uses the terminology "signature file". http://cvsweb.netbsd.org/bsdweb.cgi/src/sbin/veriexecctl/veriexecctl.c?rev=1.40 But yes, I agree that it's the wrong term that they're using there. > NetBSD refers to the hashes as fingerprints - AFAIK that terminology is > retained. > > If the term signature is used to refer to anything other than the signed > manifests that should be fixed. > That was in the veriexec that was the basis for the MAC conversion. I know I had corrected some before, but probably missed the fact that it was used in some other places. Easy to happen when you've seen the same code for a number of years.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEm%2B2uU_k2fwKAs6zN6PB2hd3e906Mxo7HMTgJKF9ErQyWBLSQ>