From: Alexander Leidinger
Date: Wed, 30 Nov 2005 14:50:17 +0100
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.org, aristeu, Colin Percival
Subject: Re: Reflections on Trusting Trust

Kris Kennaway wrote:

> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:
>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.

By printing a nice text every time someone installs a signed package? Noisy and annoying, but because of this nobody is allowed to say they didn't know about it.

Bye,
Alexander.

-- 
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137
HARTLEY'S SECOND LAW: Never sleep with anyone crazier than yourself.
My corollary: The completely psychotic have all the fun.