Subject: Re: little hacking project: bulk build checksums
To: Lasse Kliemann <>
From: grant beattie <>
List: tech-pkg
Date: 01/23/2005 11:22:45

On Sat, Jan 22, 2005 at 04:41:43PM +0100, Lasse Kliemann wrote:

> * Hubert Feyrer writes:
> > On Sat, 22 Jan 2005, Lasse Kliemann wrote:
> > >What do you intend to use them for?
> >
> > Verify (manually) that the binary pkgs are not modified.
> Modified by whom?
> He who can modify the binary packages can also modify the checksums, unless you
> take extra precautions via file permissions and ownerships. But then, you
> protect the binary packages against modification from the start.
> Or am I missing something?
> What is the exact scenario that you have in mind?

we have the ability to cryptographically sign binary packages, which
can be automatically verified by pkg_add.

I'd rather the effort be channeled into making this happen, rather
than adding checksums that will ~never be checked.
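
The difference discussed in this thread, as an added example that is not part of the original message or of pkgsrc: a checksum stored beside the package can be regenerated by anyone who can write to the repository, while a signature checked against a public key obtained out of band cannot. To stay within the Python standard library it uses a Lamport one-time signature over SHA-256 as a stand-in; this is an assumption for illustration and not the scheme pkg_add uses, and all names and the sample package bytes are constructed.

```python
import hashlib
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes) -> list:
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stand-in for a real package-signing scheme.
# One key pair may sign exactly one message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig: list) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(_h(sig[i]) == pk[i][bits[i]] for i in range(256))

def publish(pkg: bytes, sk) -> dict:
    """Builder side: package, checksum and signature all land in the repository."""
    return {"pkg": pkg, "sha256": hashlib.sha256(pkg).hexdigest(), "sig": sign(sk, pkg)}

def tamper(repo: dict, new_pkg: bytes) -> dict:
    """Write access to the repository but no private key:
    the package is replaced and the checksum beside it regenerated."""
    return {**repo, "pkg": new_pkg, "sha256": hashlib.sha256(new_pkg).hexdigest()}

def checksum_ok(repo: dict) -> bool:
    return hashlib.sha256(repo["pkg"]).hexdigest() == repo["sha256"]

def signature_ok(repo: dict, pk) -> bool:
    return verify(pk, repo["pkg"], repo["sig"])

def demo() -> dict:
    sk, pk = keygen()  # pk reaches the verifier out of band; sk never enters the repo
    good = publish(b"constructed sample package v1.0", sk)
    bad = tamper(good, b"constructed sample package v1.0 + modified contents")
    return {"good": (checksum_ok(good), signature_ok(good, pk)),
            "bad": (checksum_ok(bad), signature_ok(bad, pk))}

if __name__ == "__main__":
    print(demo())
```

The modified repository still passes the checksum comparison and fails only the signature check.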

