Date: Tue, 6 Feb 2001 13:02:08 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Wes Peters <wes@softweyr.com>
Cc: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: Package integrity check?
Message-ID: <200102061802.NAA33086@khavrinen.lcs.mit.edu>
In-Reply-To: <3A802FAF.792F61F5@softweyr.com>
References: <20010205210459.A2479@acc.umu.se> <3A7F9AB6.5CAA983B@softweyr.com> <200102061526.KAA31832@khavrinen.lcs.mit.edu> <3A802FAF.792F61F5@softweyr.com>
<<On Tue, 06 Feb 2001 10:09:03 -0700, Wes Peters <wes@softweyr.com> said:

> One of the signatures is a simple SHA1 crypto checksum,
> that implies little other than you got what the package creator put
> together to a fair degree of certainty.

Erm, no. It implies that whoever last modified (read: trojaned) the package knew enough to update the checksum. This provides no additional security, unless:

1) Whatever process generates and checksums the packages also makes and signs a master list of all the checksums from each package, and

2) Whatever process installs software from the package compares its checksum against this master list, and verifies the signature of the master list.

I think that this would be both useful and worthwhile, but again, we need to make sure that legally we are not promising anything other than ``these packages have not been modified since generation''.

-GAWollman
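The two-step scheme above (a signed master list of checksums, and an installer that checks the package hash against that list only after the list's signature verifies) as an added worked example; this is not code from the thread or from FreeBSD's package tools. It assumes constructed package contents and a constructed signing key, and because the Python standard library has no public-key signature primitive, an HMAC-SHA256 over the canonical manifest stands in for the detached signature the mail calls for (a real deployment would use an asymmetric signature with only the public key on the client):

```python
import hashlib
import hmac
import json

# Constructed sample "packages": name -> bytes, standing in for package tarballs.
PACKAGES = {
    "foo-1.0.tgz": b"contents of foo 1.0",
    "bar-2.3.tgz": b"contents of bar 2.3",
}

# Assumption: the build host holds this key; the installer would normally hold
# only a public verification key. Constructed value, not a real key.
SIGNING_KEY = b"constructed-demo-key-do-not-use"


def sha1_hex(data: bytes) -> str:
    """Per-package checksum, SHA1 as in the thread."""
    return hashlib.sha1(data).hexdigest()


def build_manifest(packages):
    """Step 1: checksum every package and record the results in one master list."""
    return {name: sha1_hex(blob) for name, blob in sorted(packages.items())}


def canonical(manifest) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key) -> str:
    """Stand-in for the master list's detached signature (HMAC instead of PGP/Ed25519)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_package(name, blob, manifest, signature, key):
    """Step 2: verify the master list's signature first, then compare the
    package's own checksum against the entry in that signed list. Returns
    (ok, reason)."""
    expected_sig = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected_sig, signature):
        return False, "manifest signature invalid"
    if name not in manifest:
        return False, "package not in manifest"
    if not hmac.compare_digest(manifest[name], sha1_hex(blob)):
        return False, "checksum mismatch"
    return True, "ok"


def demo():
    """Exercise the three cases the mail distinguishes."""
    manifest = build_manifest(PACKAGES)
    sig = sign_manifest(manifest, SIGNING_KEY)
    results = {}
    # Untouched package: signature and checksum both check out.
    results["clean"] = verify_package(
        "foo-1.0.tgz", PACKAGES["foo-1.0.tgz"], manifest, sig, SIGNING_KEY)
    # Modified package: any checksum shipped alongside it is irrelevant, because
    # the installer compares against the signed master list, not the package.
    results["modified"] = verify_package(
        "foo-1.0.tgz", b"modified contents", manifest, sig, SIGNING_KEY)
    # Modified package plus an edited master list: without the signing key the
    # list cannot be re-signed, so verification stops at the signature check.
    forged = dict(manifest)
    forged["foo-1.0.tgz"] = sha1_hex(b"modified contents")
    results["forged_manifest"] = verify_package(
        "foo-1.0.tgz", b"modified contents", forged, sig, SIGNING_KEY)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:16s} ok={ok} ({reason})")
```

The order of checks in `verify_package` is the point: the checksum is only meaningful after the list it came from has been authenticated, and `hmac.compare_digest` keeps both comparisons constant-time.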