Subject: Re: little hacking project: bulk build checksums
To: None <tech-pkg@NetBSD.org>
From: Lasse Kliemann <lasse-list-tech-pkg-netbsd-2004@plastictree.net>
List: tech-pkg
Date: 01/22/2005 18:29:17

* Hubert Feyrer writes:
> On Sat, 22 Jan 2005, Lasse Kliemann wrote:
> >>Verify (manually) that the binary pkgs are not modified.
> >Modified by whom?
> >
> >He who can modify the binary packages can also modify the checksums,
> >unless you take extra precautions via file permissions and ownerships.
> >But then, you can protect the binary packages against modification
> >from the start.
> >
> >Or am I missing something?
>
> When the checksum files are digitally signed (PGP), changing them isn't
> possible.

Ok, so it is about protection against someone hacking into the ftp server or
manipulating files during transfer somehow.

> >What is the exact scenario that you have in mind?
>
> Do a bulk build, create checksum files, sign them, upload binary pkgs and
> signed checksum files to ftp.netbsd.org.

I see. I would include the creation of checksums into some extra script then
(similar to what Jan proposed).

BTW, how about signing the binary packages themselves?
Does this make a difference regarding security?

-- 
Lasse Kliemann
      private homepage: http://plastictree.net
   NO software patents: http://swpat.ffii.org
do NOT use M$ products: http://plastictree.net/articles/noms
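
The scenario discussed in this thread (checksum the bulk-build output, sign the checksum file, verify both on the receiving side), as an added example that is not part of the original message or of pkgsrc. It assumes sha256sum and gpg are installed; the file name SHA256SUMS and all function names are illustrative.

```shell
#!/bin/sh
# Added example: signed checksum manifest for a directory of binary packages.
# Assumptions: sha256sum and gpg are installed; SHA256SUMS and the function
# names below are illustrative and not part of pkgsrc.

# Builder side: write a manifest covering every *.tgz in directory $1.
make_manifest() {
    ( cd "$1" && sha256sum -- *.tgz > SHA256SUMS )
}

# Builder side: detached, ASCII-armored signature over the manifest.
sign_manifest() {
    gpg --armor --detach-sign --output "$1/SHA256SUMS.asc" "$1/SHA256SUMS"
}

# Consumer side: check the signature before trusting the manifest at all.
# This is only meaningful if the builder's public key was obtained over a
# trusted channel and is already in the local keyring.
verify_signature() {
    gpg --verify "$1/SHA256SUMS.asc" "$1/SHA256SUMS"
}

# Consumer side: every listed package must match its checksum, and every
# package present must be listed (an unlisted extra file is a modification).
verify_packages() {
    (
        cd "$1" || exit 1
        sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 1
        for f in *.tgz; do
            # Manifest lines are "<64 hex digits>  <name>": name starts at column 67.
            cut -c67- SHA256SUMS | grep -qxF -- "$f" || exit 1
        done
    )
}

# Checksums alone detect accidental corruption only: whoever can replace a
# package can also regenerate SHA256SUMS. The signature closes that gap.
verify_all() {
    verify_signature "$1" && verify_packages "$1"
}
```

Run make_manifest and sign_manifest after the bulk build and upload SHA256SUMS and SHA256SUMS.asc next to the packages; run verify_all on the downloaded directory.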
