From owner-cvs-all Fri Jun 9 17:53:23 2000 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 59F1737B714; Fri, 9 Jun 2000 17:53:14 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id RAA11242; Fri, 9 Jun 2000 17:53:14 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 9 Jun 2000 17:53:14 -0700 (PDT) From: Kris Kennaway To: "David O'Brien" Cc: Brian Fundakowski Feldman , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/comms/minicom/files md5 In-Reply-To: <20000609170125.B62028@dragon.nuxi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 9 Jun 2000, David O'Brien wrote: > On Fri, Jun 09, 2000 at 05:21:20PM -0400, Brian Fundakowski Feldman wrote: > > The diffing-to-find-what-makes-an-md5-change practice is a good > > thing, but how good is it really when the MD5 from a new version is > > generated and we act on blind trust? That happens more often than > > bouncing md5 hashes, so isn't there even _more_ of a chance of a trojan > > coming in? > > EXACTLY. Except on one but me understood this on IRC. I agreed with you, but thats not what the argument^Wdiscussion was about. See my earlier post. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message