From owner-freebsd-hackers Tue Feb 18 06:57:09 1997
In-Reply-To: <199702181412.JAA23979@whyy.org>
Date: Tue, 18 Feb 1997 08:55:12 -0600
To: "..je"
From: Richard Wackerbarth
Subject: Re: I guess we need to read all code, not just SUID stuff !
Cc: freebsd-hackers@FreeBSD.ORG
Sender: owner-hackers@FreeBSD.ORG

>At 07:42 AM 2/18/97 -0600, Richard Wackerbarth wrote:
>
>>BTW, pgp or some other digital signature could enhance the security of the
>>sources which are distributed by mail.
>>We have previously discussed such an addition to CTM.
>>However, to date, there has not been a problem.
>
>>
>Would it be feasible to provide just the appropriate checksums or the like
>at a secure Distribution point that users could obtain through pgp ie:email
>Then the hacker would have to compromise both ends of the link!

The problem is that the source is just too dynamic. In order to provide
such checksums, we would have to automate the process. This would leave it
open to the single point of attack at the source.

If you are worried that a particular mirror is corrupt, you can always
reference another. And mirrors should occasionally pay the price to
revalidate all of their files against the master.
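
Added example (not part of the original message, and not CTM's or FreeBSD's own code): a Python sketch of the revalidation the message describes, comparing a mirror's files with the master's and, where no master is at hand, comparing several copies with each other. SHA-256, the function names and the sample tree are assumptions; agreement among mirrors shows nothing if the master itself was altered, which is the single point of attack named above.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    out = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and not p.is_symlink():
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out

def revalidate(master, mirror):
    """Differences between a mirror's manifest and the master's."""
    both = master.keys() & mirror.keys()
    return {
        "modified": sorted(p for p in both if master[p] != mirror[p]),
        "missing": sorted(master.keys() - mirror.keys()),
        "extra": sorted(mirror.keys() - master.keys()),
    }

def odd_ones_out(manifests):
    """No trusted master: per path, name the copies that differ from the majority.
    A tie is broken by dict order, so compare at least three copies."""
    suspects = {}
    for path in sorted(set().union(*manifests.values())):
        digests = Counter(m.get(path) for m in manifests.values())
        majority = digests.most_common(1)[0][0]
        bad = sorted(n for n, m in manifests.items() if m.get(path) != majority)
        if bad:
            suspects[path] = bad
    return suspects

def demo():
    """Constructed sample: a master and two mirrors, one with an altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("master", "mirror-a", "mirror-b"):
            Path(tmp, name, "src").mkdir(parents=True)
            Path(tmp, name, "src", "login.c").write_text("int main(void) { return 0; }\n")
        Path(tmp, "mirror-b", "src", "login.c").write_text("int main(void) { return 1; }\n")
        m = {n: manifest(Path(tmp, n)) for n in ("master", "mirror-a", "mirror-b")}
        return revalidate(m["master"], m["mirror-b"]), odd_ones_out(m)

if __name__ == "__main__":
    print(demo())
```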