Subject: Re: little hacking project: bulk build checksums
To: Lasse Kliemann <lasse-list-tech-pkg-netbsd-2004@plastictree.net>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-pkg
Date: 01/22/2005 16:50:27

On Sat, 22 Jan 2005, Lasse Kliemann wrote:
>> Verify (manually) that the binary pkgs are not modified.
> Modified by whom?
>
> He who can modify the binary packages can also modify the checksums, unless you
> take extra precautions via file permissions and ownerships. But then, you can
> protect the binary packages against modification from the start.
>
> Or am I missing something?

When the checksum files are digitally signed (PGP), changing them isn't 
possible.


> What is the exact scenario that you have in mind?

Do a bulk build, create checksum files, sign them, upload binary pkgs and 
signed checksum files to ftp.netbsd.org.


  - Hubert

-- 
NetBSD - Free AND Open!      (And of course secure, portable, yadda yadda)
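
The workflow described in this message (checksum the bulk-build output, sign the checksum file, verify both after download), as an added example that is not part of the original mail or of pkgsrc. It assumes GnuPG and `sha256sum`, hypothetical file names `SHA256SUMS` and `SHA256SUMS.asc`, packages named `*.tgz` without spaces, and a verifier keyring that holds only the builder's public key, obtained out of band.

```shell
#!/bin/sh
# Added example. SHA256SUMS / SHA256SUMS.asc and the *.tgz glob are assumed names.
# GnuPG and sha256sum are assumed; on NetBSD `cksum -a sha256` fills the same role.

# Build host: checksum every package in $1, detach-sign the list with key $2.
# The private key stays on the build host, not on the upload/FTP server.
sign_pkg_dir() {
    ( cd "$1" || exit 1
      sha256sum -- *.tgz > SHA256SUMS || exit 1
      gpg --batch --yes --local-user "$2" --armor \
          --output SHA256SUMS.asc --detach-sign SHA256SUMS )
}

# Download side. Returns 0 ok, 2 bad signature, 3 checksum mismatch,
# 4 package present but not covered by the signed list.
verify_pkg_dir() {
    ( cd "$1" || exit 1
      # 1. Signature first: an unsigned or regenerated list proves nothing.
      gpg --batch --verify SHA256SUMS.asc SHA256SUMS >/dev/null 2>&1 || exit 2
      # 2. Only now trust the hashes in the list.
      sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 3
      # 3. Reject packages that were dropped in next to the signed set.
      for f in *.tgz; do
          awk -v f="$f" '$2 == f { ok = 1 } END { exit !ok }' SHA256SUMS || exit 4
      done )
}
```

Someone with write access to the server can replace both a package and its line in `SHA256SUMS`, but cannot produce a matching `SHA256SUMS.asc` without the private key, so the check fails at step 1.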