Re: Reflections on Trusting Trust

Board: FB_security, posted 2005/11/29 23:39, push score 0 (0 push, 0 boo, 0 arrow)
0 comments, 0 participants, thread 7/36
I'm new here, and I've posted only once. I just want to add my "just another user" opinion on this...

Signing security advisories that send the hashes for a file does a nice job. I think the only problem that exists is the package/ports deployment. I believe we can't trust only hashes for this (tar already does a fine job on integrity...), because it can be easily circumvented. Maybe trusting this is the real weakest link...

One thing that could do a good job is to install gnupg by default and pre-install some important PGP public keys on ISO releases, in root's profile... These pre-installed keys can be used by users, ports or pkg_tools while installing or updating packages/ports. Who will sign is another problem, but I think it will improve things a bit anyway, minimising MITM attacks.

My mom used to say "always prefer the pre-installed pub keys...".

[]'s
aristeu

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #13Z7OO00 (FB_security)
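Added example, not code from the original post or from FreeBSD's pkg/ports tools: a client whose only trust root is a key pinned at install time, checking a signed hash manifest, against the two things a man in the middle can do to a download. The package bytes, the manifest format, the key ids and the tiny textbook RSA (no PKCS#1 padding, 512-bit modulus, chosen only so the example runs on the Python standard library) are all constructed for the demo; a real client would use gpg or OpenSSL with full-size release keys shipped on the install media.

```python
import hashlib
import random

# Demo-only textbook RSA (no PKCS#1 padding, 512-bit modulus); stdlib only, not for real signing.
def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin with random bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand

def rsa_keygen(bits=512, seed=0):
    """Deterministic short key for the demo; returns ((n, e), (n, d)). Needs Python 3.8+."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def digest_int(data):
    # SHA-256 digest as an integer: always < 2**256 <= n, so no padding step here.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest_int(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(data)

def key_id(pub):  # fingerprint-style identifier derived from the key material
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def build_manifest(packages):  # the hash list a release publishes, one line per file
    lines = [f"{name} sha256 {hashlib.sha256(blob).hexdigest()}"
             for name, blob in sorted(packages.items())]
    return "\n".join(lines).encode()

def install(pkg_name, pkg_bytes, manifest, signer_id, sig, pinned_keys):
    """Checks a pkg tool can make with keys shipped on the install media: the signer
    must be pinned, the manifest must verify under it, then the package hash is checked."""
    pub = pinned_keys.get(signer_id)
    if pub is None:
        return "refused: signer key is not pinned on this system"
    if not verify(pub, manifest, sig):
        return "refused: bad signature on manifest"
    listed = {name: hexdigest for name, alg, hexdigest in
              (line.split() for line in manifest.decode().splitlines()) if alg == "sha256"}
    if pkg_name not in listed:
        return "refused: package not listed in signed manifest"
    if hashlib.sha256(pkg_bytes).hexdigest() != listed[pkg_name]:
        return "refused: package hash does not match signed manifest"
    return "ok"

def demo():
    """Three downloads as seen by a client whose only trust root is the pinned key."""
    release_pub, release_priv = rsa_keygen(seed=1)
    pinned = {key_id(release_pub): release_pub}   # constructed: the keys from the ISO
    genuine = b"genuine package contents"         # constructed sample package
    manifest = build_manifest({"pkg-1.0.txz": genuine})
    sig = sign(release_priv, manifest)
    # 1. Honest mirror: pinned signer, valid signature, matching hash.
    honest = install("pkg-1.0.txz", genuine, manifest, key_id(release_pub), sig, pinned)
    # 2. MITM swaps the package and rewrites the hash line to match it.  A bare
    #    hash check passes; the signature over the manifest does not.
    evil = b"backdoored package contents"
    evil_manifest = build_manifest({"pkg-1.0.txz": evil})
    hash_only_passes = hashlib.sha256(evil).hexdigest() == evil_manifest.decode().split()[-1]
    mitm = install("pkg-1.0.txz", evil, evil_manifest, key_id(release_pub), sig, pinned)
    # 3. MITM signs its manifest with its own key and ships that key beside the
    #    download; a client that trusts only pre-installed keys still refuses.
    mitm_pub, mitm_priv = rsa_keygen(seed=2)
    self_signed = install("pkg-1.0.txz", evil, evil_manifest, key_id(mitm_pub),
                          sign(mitm_priv, evil_manifest), pinned)
    return {"honest": honest, "hash_only_passes": hash_only_passes,
            "mitm": mitm, "mitm_self_signed": self_signed}
```

Case 2 is the post's point about hashes: whoever can rewrite the tarball in transit can rewrite the hash line next to it, so the hash-only check passes while the pinned-key check fails. Case 3 is the failure that "always prefer the pre-installed pub keys" guards against: a key that arrives with the download is worthless as a trust root, because the same attacker supplied it.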