Date: Tue, 18 Feb 1997 08:55:12 -0600 From: Richard Wackerbarth <rkw@dataplex.net> To: "..je" <jehrenkrantz@whyy.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: I guess we need to read all code, not just SUID stuff ! Message-ID: <l03010d0baf2f709be956@[208.2.87.3]> In-Reply-To: <199702181412.JAA23979@whyy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>At 07:42 AM 2/18/97 -0600,Richard Wackerbarth <rkw@dataplex.net> wrote: > >>BTW, pgp or some other digital signature could enhance the security of the >>sources which are distributed by mail. >>We have previously discussed such an addition to CTM. >>However, to date, there has not been a problem. > >> >Would it be feasable to provide just the approiate checksums or the like >at a secure Distribution point that users could obtain through pgp ie:email >Then the hacker would have to comprimise both ends of the link! The problem is that the source is just too dynamic. In order to provide such checksums, we would have to automate the process. This would leave it open to the single point of attack at the source. If you are worried that a particular mirror is corrupt, you can always reference another. And mirrors should occasionally pay the price to revalidate all of their files against the master.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?l03010d0baf2f709be956>