From owner-freebsd-security Tue Jan 11 13: 3:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 28AD814F26 for ; Tue, 11 Jan 2000 13:03:29 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <40330>; Wed, 12 Jan 2000 07:55:29 +1100 Content-return: prohibited From: Peter Jeremy Subject: Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1 In-reply-to: ; from kris@hub.freebsd.org on Wed, Jan 12, 2000 at 06:45:14AM +1100 To: Kris Kennaway Cc: freebsd-security@FreeBSD.ORG Message-Id: <00Jan12.075529est.40330@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0i Content-type: text/plain; charset=us-ascii References: <200001111218.WAA31198@nymph.detir.qld.gov.au> Date: Wed, 12 Jan 2000 07:55:28 +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 2000-Jan-12 06:45:14 +1100, Kris Kennaway wrote: > we need to get a FreeBSD certificate authority of some sort set >up, and the CTM administrator would (have the generator) sign each delta >with a DSA key, the public half of which is distributed to the clients. Sounds excellent. As a further check, it would be nice if someone with access to the master CTM repository could run md5(1) across the repository and make the result available (together with the CTM deltas that it relates to). This would let people check that their local repositories haven't accumulated any bitrot. BTW, in making these changes to the CTM format, remember to make sure that the existing ctm can at least apply the new deltas (even if it can't understand the signatures) :-). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message