Date: Wed, 30 Nov 2005 14:50:17 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-security@FreeBSD.org, aristeu <suporte@wahtec.com.br>, Colin Percival <cperciva@FreeBSD.org>
Subject: Re: Reflections on Trusting Trust
Message-ID: <20051130145017.895dszmso48oskcg@netchild.homeip.net>
In-Reply-To: <20051130032459.GA63255@xor.obsecurity.org>
References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> <20051130000552.GB60924@xor.obsecurity.org> <438D0961.40307@freebsd.org> <20051130032459.GA63255@xor.obsecurity.org>

Kris Kennaway <kris@obsecurity.org> wrote:

> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:
>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.

By printing a nice text every time someone installs a signed package?
Noisy and annoying, but because of this nobody is allowed to say they
didn't know about it.

Bye,
Alexander.

--
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org : PGP ID = 72077137
HARTLEY'S SECOND LAW: Never sleep with anyone crazier than yourself.
My corollary: The completely psychotic have all the fun.