Subject: Re: little hacking project: bulk build checksums
To: Lasse Kliemann <email@example.com>
From: grant beattie <grant@NetBSD.org>
Date: 01/23/2005 11:22:45
Content-Type: text/plain; charset=us-ascii
On Sat, Jan 22, 2005 at 04:41:43PM +0100, Lasse Kliemann wrote:
> * Hubert Feyrer writes:
> > On Sat, 22 Jan 2005, Lasse Kliemann wrote:
> > >What do you intend to use them for?
> > Verify (manually) that the binary pkgs are not modified.
> Modified by whom?
> He who can modify the binary packages can also modify the checksums, unle=
> take extra precautions via file permissions and ownerships. But then, you=
> protect the binary packages against modification from the start.
> Or am I missing something?
> What is the exact scenario that you have in mind?
we have the ability to cryptographically sign binary packages, which
can be automatically verified by pkg_add.
I'd rather the effort be channeled into making this happen, rather
than adding checksums that will ~never be checked.
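The point argued in this thread, as an added example that is not part of the original messages: a checksum stored beside a package can be regenerated by whoever alters the package, while a signature checked against a public key the client already holds cannot. A Lamport one-time signature built on SHA-256 stands in here for the package signing that pkg_add would verify (an assumption made to stay within the standard library); the mirror layout and field names are constructed.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport key: 256 pairs of secrets; the public key is their hashes.
    # One key pair may sign exactly one message (here: one package).
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(data: bytes):
    d = int.from_bytes(H(data), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, data: bytes):
    # Reveal one secret per digest bit.
    return [sk[i][b] for i, b in enumerate(digest_bits(data))]

def verify(pk, data: bytes, sig) -> bool:
    bits = digest_bits(data)
    return len(sig) == 256 and all(H(s) == pk[i][b]
                                   for i, (s, b) in enumerate(zip(sig, bits)))

def publish(sk, pkg: bytes) -> dict:
    # Constructed model of a mirror: package, checksum file, signature file.
    return {"pkg": pkg, "sum": H(pkg).hex(), "sig": sign(sk, pkg)}

def tamper(mirror: dict, new_pkg: bytes) -> dict:
    # Write access to the mirror: package and checksum can both be replaced,
    # but no valid signature can be produced without the signing key.
    return {"pkg": new_pkg, "sum": H(new_pkg).hex(), "sig": mirror["sig"]}

def checksum_ok(mirror: dict) -> bool:
    return H(mirror["pkg"]).hex() == mirror["sum"]

def signature_ok(mirror: dict, pk) -> bool:
    # pk reaches the client out of band, not from the mirror.
    return verify(pk, mirror["pkg"], mirror["sig"])

def demo() -> dict:
    sk, pk = keygen()
    good = publish(sk, b"constructed package contents")
    bad = tamper(good, b"constructed modified contents")
    return {"good_sum": checksum_ok(good), "good_sig": signature_ok(good, pk),
            "bad_sum": checksum_ok(bad), "bad_sig": signature_ok(bad, pk)}

if __name__ == "__main__":
    print(demo())
```

The modified package still passes the checksum comparison and fails only the signature check, which is why the checksum adds nothing unless it is stored or delivered separately from the package.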