Subject: Re: little hacking project: bulk build checksums
To: Lasse Kliemann <lasse-list-tech-pkg-netbsd-2004@plastictree.net>
From: grant beattie <grant@NetBSD.org>
List: tech-pkg
Date: 01/23/2005 11:22:45
--7LkOrbQMr4cezO2T
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jan 22, 2005 at 04:41:43PM +0100, Lasse Kliemann wrote:

> * Hubert Feyrer writes:
> > On Sat, 22 Jan 2005, Lasse Kliemann wrote:
> > >What do you intend to use them for?
> >=20
> > Verify (manually) that the binary pkgs are not modified.
>=20
> Modified by whom?
>=20
> He who can modify the binary packages can also modify the checksums, unle=
ss you=20
> take extra precautions via file permissions and ownerships. But then, you=
 can=20
> protect the binary packages against modification from the start.
>=20
> Or am I missing something?
> What is the exact scenario that you have in mind?

we have the ability to cryptographically sign binary packages, which
can be automatically verified by pkg_add.

I'd rather the effort be channeled into making this happen, rather
than adding checksums that will ~never be checked.

grant.


--7LkOrbQMr4cezO2T
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFB8u5UluYOb9yiFXoRAshqAKCNqOa+hMdFs2neAJlGDE728SwulQCdH4yw
UX7oeJA2IP6NACVXuXfJZRY=
=6tAJ
-----END PGP SIGNATURE-----

--7LkOrbQMr4cezO2T--