Re: Reflections on Trusting Trust

Board: FB_security | Posted: 2005/11/28 05:05
On Sun, Nov 27, 2005 at 09:57:31AM +0100, Szilveszter Adam wrote:
> Hello Peter,
>
> On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote:
> > - Signing ISO images with a Project key and/or certificate in addition
> > to providing MD5 checksums.
> > - Investigate providing authenticated protocols for updating FreeBSD.
>
> Also, one should not forget the currently present FTP infrastructure
> either. While the content is publicly available, their integrity should
> be verifiable. The same goes for ports distfiles: ideally they should be
> signed, at least the checksums. The pkg_* tools AFAIK already have sig
> checking capability for the binary packages, but somehow this should be
> extended to the "build from source" version as well, particularly since
> this seems to be the more often used method.

Ports distfiles are recorded with MD5 (and SHA256 now that it's in the
base of 6.x, though it can be added via a port to other versions)
signatures. I'm not entirely sure of the pkg_* tools doing signature
verification but it would be nice to have.

-- WXS
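An added example, not part of the original message and not FreeBSD's own tooling: checking a downloaded distfile against the MD5 and SHA256 values recorded for it, and refusing files with no recorded digest. The `ALGO (file) = value` line layout follows the ports distinfo convention; the file name, contents and function names are constructed for illustration.

```python
import hashlib
import re

# One record per line, e.g. "SHA256 (example-1.0.tar.gz) = <hex digest>"
RECORD = re.compile(
    r"^(?P<kind>MD5|SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")

def parse_distinfo(text):
    """Return {filename: {kind: value}} for every recognised record line."""
    records = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.setdefault(m["name"], {})[m["kind"]] = m["value"].lower()
    return records

def verify_distfile(name, data, records):
    """Return (ok, reasons). Every recorded value must match, and a file
    with no recorded digest is rejected instead of silently accepted."""
    expected = records.get(name, {})
    if not ({"MD5", "SHA256"} & expected.keys()):
        return False, ["no checksum recorded for " + name]
    reasons = []
    if "SIZE" in expected and str(len(data)) != expected["SIZE"]:
        reasons.append("SIZE mismatch")
    for kind in ("MD5", "SHA256"):
        if kind in expected:
            actual = hashlib.new(kind.lower(), data).hexdigest()
            if actual != expected[kind]:
                reasons.append(kind + " mismatch")
    return not reasons, reasons

# Constructed sample: a fake distfile and the records describing it.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_DISTINFO = "\n".join([
    "MD5 (%s) = %s" % (SAMPLE_NAME, hashlib.md5(SAMPLE_DATA).hexdigest()),
    "SHA256 (%s) = %s" % (SAMPLE_NAME, hashlib.sha256(SAMPLE_DATA).hexdigest()),
    "SIZE (%s) = %d" % (SAMPLE_NAME, len(SAMPLE_DATA)),
])

if __name__ == "__main__":
    recs = parse_distinfo(SAMPLE_DISTINFO)
    print(verify_distfile(SAMPLE_NAME, SAMPLE_DATA, recs))
    # A match only ties the file to these records; whether the records
    # themselves are authentic is the signing question raised in the thread.
    print(verify_distfile(SAMPLE_NAME, SAMPLE_DATA + b"x", recs))
```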
Article code (AID): #13YX-s00 (FB_security)