Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Steven M. Bellovin <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 07/25/2005 11:55:41
On Sat, 23 Jul 2005, Steven M. Bellovin wrote:
>> It doesn't seem hard to produce a warning or an error if there are any
>> files in the archive not listed in the signature document, outside of
>> the signature document itself.
> It's not a warning, it's a flat-out error. Think of, say, /root/.profile
> or /etc/shosts being in the archive.
>> Duplicate entries?
>> If there are two files with the same name in the archive, the later
>> would be extracted over the earlier, anyway. Either they are the same
>> file, then, in which case we check twice and both pass, or they are
>> different, in which case one will fail the check, which can be treated
>> as any other failure.
> Will the later be extracted over the earlier? I've seen extraction
> programs that refuse to overwrite existing files. Or what if the
> verification against the hash is done at extraction time?
I think you'd definitely want to verify all of the files hashes before
extraction, so you don't do a partial extraction of a corrupt archive.
As for whether you extract the second copy and overwrite the first, if
they're the same file, it ought not matter; if they're different, the
hash check will fail.
> It's as strong *if* you've defined all the cases properly. The
> examples I've given are places where a straight-forward approach just
> doesn't cut it; it's not well-enough defined.
Ok; so we do need to define this clearly. I'll write up something at
some point and we can give it a good going-over.
Curt Sampson <email@example.com> +81 90 7737 2974 http://www.NetBSD.org
Make up enjoying your city life...produced by BIC CAMERA