Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Curt Sampson <>
From: Bill Studenmund <>
List: tech-security
Date: 07/29/2005 18:51:42
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 22, 2005 at 07:03:26PM +0900, Curt Sampson wrote:
> On Fri, 22 Jul 2005, Hubert Feyrer wrote:
> >In the process of creating the +CONTENTS file from the PLIST (in=20
> >pkg_create) we calculate MD5 checksums of all files right now, so that m=
> >be a possible point to add that signing.
> We should be using better hashes than MD5, these days. But yes, possibly
> just signing the +CONTENTS file would do the trick. On the other hand,
> it might be nice to have a generic way of signing archives--I've put in
> a use case for that.
> >I think there's a difference if you sign every file in an archive, or th=
> >archive as a whole, and as such I'm not sure this approach is good enoug=
> Well, let's do a security analysis of it. It would be nice to avoid
> having to ship around two separate files all the time.

Uhm, signatures and archives and their combination have been around for
longer than NetBSD has been around as a project. There must be a lot of
prior art (good and bad) for us to use as examples. Shouldn't we use it?

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)