Subject: Re: little hacking project: bulk build checksums
To: None <tech-pkg@NetBSD.org>
From: Lasse Kliemann <lasse-list-tech-pkg-netbsd-2004@plastictree.net>
List: tech-pkg
Date: 01/22/2005 18:29:17
--2FkSFaIQeDFoAt0B
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Hubert Feyrer writes:
> On Sat, 22 Jan 2005, Lasse Kliemann wrote:
> >>Verify (manually) that the binary pkgs are not modified.
> >Modified by whom?
> >
> >He who can modify the binary packages can also modify the checksums,=20
> >unless you
> >take extra precautions via file permissions and ownerships. But then, yo=
u=20
> >can
> >protect the binary packages against modification from the start.
> >
> >Or am I missing something?
>=20
> When the checksum files are digitally signed (PGP), changing them isn't=
=20
> possible.
Ok, so it is about protection against someone hacking into the ftp server o=
r=20
manipulating files during transfer somehow.
> >What is the exact scenario that you have in mind?
>=20
> Do a bulk build, create checksum files, sign them, upload binary pkgs and=
=20
> signed checksum files to ftp.netbsd.org.
I see. I would include the creation of checksums into some extra script the=
n=20
(similar to what Jan proposed).
BTW, how about signing the binary packages themselves?
Does this make a difference regarding security?
--=20
Lasse Kliemann
private homepage: http://plastictree.net
NO software patents: http://swpat.ffii.org
do NOT use M$ products: http://plastictree.net/articles/noms
--2FkSFaIQeDFoAt0B
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)
iD8DBQFB8o1t1gObwed86AkRAo/qAKDuofoPSgqUKOPZR7koqPpdN5HxUACdFbCg
uj0fCBIBgZZLHhmyczNxL8A=
=JItB
-----END PGP SIGNATURE-----
--2FkSFaIQeDFoAt0B--