Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 8 Feb 2001 13:21:23 +0100
From:      Markus Holmberg <markush@acc.umu.se>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject:   Re: Package integrity check?
Message-ID:  <20010208132123.A4400@acc.umu.se>
In-Reply-To: <200102061802.NAA33086@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Tue, Feb 06, 2001 at 01:02:08PM -0500
References:  <20010205210459.A2479@acc.umu.se> <3A7F9AB6.5CAA983B@softweyr.com> <200102061526.KAA31832@khavrinen.lcs.mit.edu> <3A802FAF.792F61F5@softweyr.com> <200102061802.NAA33086@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks Wes.

I'm running -STABLE (and I was mostly just curious, not in a hurting need
for this functionality right away) so I'm not sure I'm trying it out. But
it's good to know it's available.

On Tue, Feb 06, 2001 at 01:02:08PM -0500, Garrett Wollman wrote:
> 1) Whatever process generates and checksums the packages also makes
> and signs a master list of all the checksums from each package, and
> 
> 2) Whatever process installs software from the package compares its
> checksum against this master list, and verifies the signature of the
> master list.

It was these two things that I was thinking of in first place.. (When
asking if it was possible to check for package integrity). But I realize
it is not conceivable without a good deal of effort, so I was merely
wondering if anyone else thought of it.

> I think that this would be both useful and worthwhile, but again, we
> need to make sure that legally we are not promising anything other
> than ``these packages have not been modified since generation''.

Of course, one could not ask for anything else either (more than to know
that the packages were built by the FreeBSD Project and have not been
modified since, as is the same with building software from the ports
system).

Markus

-- 

Markus Holmberg         |       Give me Unix or give me a typewriter.
markush@acc.umu.se      |       http://www.freebsd.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010208132123.A4400>