[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Just an idea

To: Jose Nazario <jose@monkey.org>
Subject: Re: Just an idea
From: Shane J Pearson <shanep@ign.com.au>
Date: Fri, 02 May 2003 00:01:24 +1000
Cc: Leandro Costa <ldcosta@tutopia.com>, ports@openbsd.org
References: <20030501011254.63156762.ldcosta@tutopia.com> <3EB1180B.5030204@ign.com.au> <Pine.BSO.4.51.0305010913590.8064@naughty.monkey.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Jose Nazario wrote:
> On Thu, 1 May 2003, Shane J Pearson wrote:
> 
>>If they can modify the packages on the ftp site, they can modify the
>>sums file too.
> 
> but this is what's already an accepted risk for the base tarballs in the
> system.

Yes, but I don't see how providing a sums file on the ftp sites gives
any security gains.

Why would the sums file be any more authoritive than the files it
references on the same server?

Follow-Ups:
- Re: Just an idea
  - From: Jose Nazario <jose@monkey.org>
- Re: Just an idea
  - From: Leandro Chango <elchango@hypernode.com.ar>

References:
- Just an idea
  - From: Leandro Costa <ldcosta@tutopia.com>
- Re: Just an idea
  - From: Shane J Pearson <shanep@ign.com.au>
- Re: Just an idea
  - From: Jose Nazario <jose@monkey.org>

Prev by Date: Re: dovecot
Next by Date: Re: Just an idea
Prev by thread: Re: Just an idea
Next by thread: Re: Just an idea
Index(es):
- Date
- Thread