Date:      Tue, 18 Feb 1997 08:55:12 -0600
From:      Richard Wackerbarth <rkw@dataplex.net>
To:        "..je" <jehrenkrantz@whyy.org>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: I guess we need to read all code, not just SUID stuff !
Message-ID:  <l03010d0baf2f709be956@[208.2.87.3]>
In-Reply-To: <199702181412.JAA23979@whyy.org>

>At 07:42 AM 2/18/97 -0600,Richard Wackerbarth <rkw@dataplex.net>  wrote:
>
>>BTW, pgp or some other digital signature could enhance the security of the
>>sources which are distributed by mail.
>>We have previously discussed such an addition to CTM.
>>However, to date, there has not been a problem.
>
>>
>Would it be feasible to provide just the appropriate checksums or the like
>at a secure Distribution point that users could obtain through pgp, i.e. email?
>Then the hacker would have to compromise both ends of the link!

The problem is that the source is just too dynamic. In order to provide such
checksums, we would have to automate the process. This would leave it
open to the single point of attack at the source.

If you are worried that a particular mirror is corrupt, you can always
reference another. And mirrors should occasionally pay the price to revalidate
all of their files against the master.
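
Added example, not part of the original message or of any FreeBSD tooling: a sketch of the two checks mentioned above, revalidating a mirror's files against the master and cross-referencing one mirror against another. The function names, the choice of SHA-256 and the sample trees are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path relative to root to its SHA-256 hex digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    digest.update(chunk)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = digest.hexdigest()
    return out

def revalidate(master, mirror):
    """Compare a mirror manifest against the master manifest."""
    return {
        "missing": sorted(set(master) - set(mirror)),
        "extra": sorted(set(mirror) - set(master)),
        "mismatch": sorted(p for p in master.keys() & mirror.keys()
                           if master[p] != mirror[p]),
    }

def cross_check(mirrors):
    """Paths on which the mirrors disagree (a file absent from one counts)."""
    paths = set().union(*mirrors.values())
    return sorted(p for p in paths
                  if len({m.get(p) for m in mirrors.values()}) > 1)

def build_sample():
    """Write constructed sample trees to a temp dir; return their roots."""
    clean = {"Makefile": b"all: login\n",
             "src/login.c": b"int main(void) { return 0; }\n"}
    altered = {**clean, "src/login.c": b"int main(void) { return 1; }\n",
               "src/extra.c": b"/* not in master */\n"}
    trees = {"master": clean, "mirror_a": clean, "mirror_b": altered}
    base = tempfile.mkdtemp(prefix="mirror-demo-")
    roots = {}
    for name, files in trees.items():
        roots[name] = os.path.join(base, name)
        for rel, data in files.items():
            full = os.path.join(roots[name], rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
    return roots

if __name__ == "__main__":
    m = {n: manifest(r) for n, r in build_sample().items()}
    for name in ("mirror_a", "mirror_b"):
        print(name, revalidate(m["master"], m[name]))
```

The comparison only detects divergence from whatever manifest is treated as the reference; if the master itself is altered, every faithful mirror will still validate cleanly.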




