Re: pkgng suggestion: renaming /usr/sbin/pkg to
On 08/24/2012 07:01 PM, Baptiste Daroussin wrote:
> Can anyone give me the details on the security related problem?
Off the top of my head, it seems to represent a break in the chain of
trust: how does the bootstrapper verify that the tarball it just
downloaded to bootstrap pkg is genuine, and not, for example, a
trojan? The source in usr.sbin/pkg/pkg.c[1] doesn't seem to suggest it
cares.
[1] http://git.cyberleo.net/?p=FreeBSD/releng/9.1.git;a=blob;f=usr.sbin/pkg/pkg.c;hb=b96b623d8debed8fa8fd7df5af01a350344549c9
--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>
Furry Peace! - http://wwww.fur.com/peace/
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
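
The check the message above asks about, as an added example that is not part of the original post and is not FreeBSD's code: a bootstrapper that unpacks a downloaded tarball only when it matches a trust anchor shipped with the base system. It assumes a pinned SHA-256 digest as a stand-in for a real signature check; the function names, member paths and tarball contents are hypothetical, constructed samples.

```python
import hashlib
import hmac
import io
import tarfile


class BootstrapError(Exception):
    """Raised when the downloaded tarball must not be unpacked."""


def make_tarball(files):
    """Build an in-memory .tar.gz (constructed sample standing in for the download)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verified_members(tarball, pinned_sha256):
    """Return {member name: bytes} only if the tarball matches the pinned digest.

    pinned_sha256 is the trust anchor: it must come from the already-trusted
    base system, never from the server that served the tarball.
    """
    actual = hashlib.sha256(tarball).hexdigest()
    # Fail closed before any byte of the archive is parsed or executed.
    if not hmac.compare_digest(actual, pinned_sha256):
        raise BootstrapError("digest mismatch: refusing to unpack")
    members = {}
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        for m in tar:
            # Even a verified archive may only contain plain relative files.
            if m.name.startswith("/") or ".." in m.name.split("/") or not m.isfile():
                raise BootstrapError(f"unsafe member: {m.name!r}")
            members[m.name] = tar.extractfile(m).read()
    return members


def try_bootstrap(tarball, pinned_sha256):
    """Return the sorted member names on success, or the refusal reason."""
    try:
        return sorted(verified_members(tarball, pinned_sha256))
    except BootstrapError as exc:
        return str(exc)
```
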
Full thread (this is message 30 of 74)