Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Curt Sampson <cjs@cynic.net>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 07/29/2005 18:51:42

On Fri, Jul 22, 2005 at 07:03:26PM +0900, Curt Sampson wrote:
> On Fri, 22 Jul 2005, Hubert Feyrer wrote:
>
> >In the process of creating the +CONTENTS file from the PLIST (in
> >pkg_create) we calculate MD5 checksums of all files right now, so that may
> >be a possible point to add that signing.
>
> We should be using better hashes than MD5, these days. But yes, possibly
> just signing the +CONTENTS file would do the trick. On the other hand,
> it might be nice to have a generic way of signing archives--I've put in
> a use case for that.
>
> >I think there's a difference if you sign every file in an archive, or the
> >archive as a whole, and as such I'm not sure this approach is good enough.
>
> Well, let's do a security analysis of it. It would be nice to avoid
> having to ship around two separate files all the time.

Uhm, signatures and archives and their combination have been around for
longer than NetBSD has been around as a project. There must be a lot of
prior art (good and bad) for us to use as examples. Shouldn't we use it?

Take care,

Bill

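The scheme sketched in the quoted exchange (per-file checksums recorded in +CONTENTS, then a single signature over that manifest), as an added example that is not code from this thread or from pkg_install: it uses SHA-256 in place of MD5 and an HMAC as a symmetric stand-in for the detached PGP signature a real package signer would use; the manifest layout, the sample files and the key are constructed. The verifier checks that every listed file matches, and also flags files that are missing or not listed, which is what makes one signature over the manifest cover the whole archive.

```python
import hashlib
import hmac

# Constructed sample package contents (path -> bytes); not a real pkgsrc package.
FILES = {
    "bin/hello": b"#!/bin/sh\necho hello\n",
    "share/doc/hello/README": b"hello, a constructed sample package\n",
}

def build_contents(files, name="hello-1.0"):
    """+CONTENTS-style manifest: each file line is followed by an
    '@comment SHA256:<hex>' line (pkg_create records MD5 here)."""
    lines = [f"@name {name}", "@cwd /usr/pkg"]
    for path in sorted(files):
        lines.append(path)
        lines.append("@comment SHA256:" + hashlib.sha256(files[path]).hexdigest())
    return "\n".join(lines) + "\n"

def sign_contents(contents, key):
    # Symmetric stand-in for a detached signature over the manifest;
    # a real signer would use an asymmetric signature such as PGP.
    return hmac.new(key, contents.encode(), hashlib.sha256).hexdigest()

def verify_package(contents, signature, key, files):
    """Return a list of problems; an empty list means the package verifies."""
    if not hmac.compare_digest(sign_contents(contents, key), signature):
        return ["manifest signature invalid"]  # nothing below can be trusted
    problems, expected = [], {}
    lines = contents.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("@"):
            continue  # directive line, not a file entry
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not nxt.startswith("@comment SHA256:"):
            problems.append(f"{line}: no checksum in manifest")
            continue
        expected[line] = nxt[len("@comment SHA256:"):]
    # Every listed file must be present and match its signed checksum.
    for path, digest in expected.items():
        if path not in files:
            problems.append(f"{path}: listed but missing")
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            problems.append(f"{path}: checksum mismatch")
    # Anything the signed manifest does not list is unauthenticated.
    for path in files:
        if path not in expected:
            problems.append(f"{path}: not in signed manifest")
    return problems
```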