[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Just an idea



Jose Nazario wrote:
> On Thu, 1 May 2003, Shane J Pearson wrote:
> 
>>If they can modify the packages on the ftp site, they can modify the
>>sums file too.
> 
> but this is what's already an accepted risk for the base tarballs in the
> system.

Yes, but I don't see how providing a sums file on the ftp sites gives
any security gains.

Why would the sums file be any more authoritive than the files it
references on the same server?