Re: pkgsrc binary packages security with pkgin

To: netbsd-users%netbsd.org@localhost
Subject: Re: pkgsrc binary packages security with pkgin
From: Jan Danielsson <jan.m.danielsson%gmail.com@localhost>
Date: Sat, 1 Feb 2020 16:52:55 +0100

On 2020-02-01 01:38, Greg Troxel wrote:
[---]
> If you can't trust your local storage, you have no basis for getting
> anything at all right.  Your local storage is where the public keys are
> stored that you use to validate, where you store files in installed
> packages, and where you store /usr//bin/login.  Seriously - if you can't
> trust your local computer, it's all over.

   Sure, but I meant explicitly local storage with regards to the
packages only -- they could be stored in a directory which is shared
among other users, for instance.  I.e. the packages could in theory be
manipulated, but the tools to validate them can't.

-- 
Kind Regards,
Jan

References:
- Re: pkgsrc binary packages security with pkgin
  - From: yarl-baudig
- Re: pkgsrc binary packages security with pkgin
  - From: Jan Danielsson
- Re: pkgsrc binary packages security with pkgin
  - From: Greg Troxel

Prev by Date: Re: pkgsrc binary packages security with pkgin
Next by Date: EC2 AMIs
Previous by Thread: Re: pkgsrc binary packages security with pkgin
Next by Thread: Re: pkgsrc binary packages security with pkgin
Indexes:

Home | Main Index | Thread Index | Old Index