From owner-freebsd-security Tue Feb 6 7:27:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id D019837B4EC; Tue, 6 Feb 2001 07:27:27 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA31832; Tue, 6 Feb 2001 10:26:58 -0500 (EST) (envelope-from wollman) Date: Tue, 6 Feb 2001 10:26:58 -0500 (EST) From: Garrett Wollman Message-Id: <200102061526.KAA31832@khavrinen.lcs.mit.edu> To: Wes Peters Cc: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG Subject: Re: Package integrity check? In-Reply-To: <3A7F9AB6.5CAA983B@softweyr.com> References: <20010205210459.A2479@acc.umu.se> <3A7F9AB6.5CAA983B@softweyr.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > We could discuss some of the sensible things people asked for and > add them after the fact. We also need to be very clear about what it means for a package to be signed -- particularly in light of laws in the US and elsewhere giving legal status to digital signatures. If there's one good thing to be said about X.509, there's a lot of ways to stick signed blobs of text into those certificates.... -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message