Date: Fri, 20 Jun 1997 18:17:53 -0700 From: John-Mark Gurney <jmg@hydrogen.nike.efn.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Attempt to compromise root Message-ID: <19970620181753.20772@hydrogen.nike.efn.org> In-Reply-To: <199706202045.QAA02968@khavrinen.lcs.mit.edu>; from Garrett Wollman on Fri, Jun 20, 1997 at 04:45:01PM -0400 References: <33AAB0CA.2781E494@fsl.noaa.gov> <199706201909.PAA02705@khavrinen.lcs.mit.edu> <199706202045.QAA02968@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman scribbled this message on Jun 20: > <<On Fri, 20 Jun 1997 15:09:16 -0400 (EDT), I wrote: > > > There already is such a thing. Every recent release includes mtree > > files with md5 digests of everything included in the distribution. > > See the FTP site or CD-ROM. > > I forgot to mention.... > > Probably the release engineer should generate and publish a digital > signature of the files and the distribution's associated > CHECKSUMS.MD5. Actually, the installation system ought to be able > itself to at least verify the MD5s of the tarballs it retrieves. actually... I've submitted patches to Jordan that will add a -verify flag to the install.sh scripts... I just don't have the resources to build a release, so I can't test the patches... -- John-Mark Gurney Modem/FAX: +1 541 683 6954 Cu Networking Live in Peace, destroy Micro$oft, support free software, run FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970620181753.20772>