Date: Wed, 9 Oct 2002 15:50:17 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: Erick Mechler <emechler@techometer.net> Cc: security@FreeBSD.ORG Subject: Re: md5 checksum server Message-ID: <20021009154809.O88571-100000@fubar.adept.org> In-Reply-To: <20021009220256.GN10532@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Oct 2002, Erick Mechler wrote: > Unless I'm misunderstanding what you're proposing, this still doesn't > prevent someone from modifying both the tarball and the MD5 file. PGP > signatures are an even better method, and harder to spoof. Yes, PGP has been preferred to MD5 since its debut... So, how about a similar setup for PGP signatures? :) The main problem is laziness... And how many times have we heard that laziness is a core admin precept? So I don't think these sorts of problems will go away anytime soon. The only way to protect the innocnet then seems to "DTRT" whenever possible w/o requiring manual intervention on the part of the admin. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009154809.O88571-100000>