75 lines
3.1 KiB
Plaintext
75 lines
3.1 KiB
Plaintext
From ilug-admin@linux.ie Tue Oct 8 12:26:48 2002
|
|
Return-Path: <ilug-admin@linux.ie>
|
|
Delivered-To: zzzz@localhost.example.com
|
|
Received: from localhost (jalapeno [127.0.0.1])
|
|
by example.com (Postfix) with ESMTP id E41D916F03
|
|
for <zzzz@localhost>; Tue, 8 Oct 2002 12:26:47 +0100 (IST)
|
|
Received: from jalapeno [127.0.0.1]
|
|
by localhost with IMAP (fetchmail-5.9.0)
|
|
for zzzz@localhost (single-drop); Tue, 08 Oct 2002 12:26:47 +0100 (IST)
|
|
Received: from lugh.tuatha.org (postfix@lugh.tuatha.org [194.125.145.45])
|
|
by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g98APSK11003 for
|
|
<zzzz-ilug@example.com>; Tue, 8 Oct 2002 11:25:28 +0100
|
|
Received: from lugh.tuatha.org (localhost [127.0.0.1]) by lugh.tuatha.org
|
|
(Postfix) with ESMTP id CAF5134206; Tue, 8 Oct 2002 11:26:11 +0100 (IST)
|
|
Delivered-To: linux.ie-ilug@localhost
|
|
Received: from dspsrv.com (vir.dspsrv.com [193.120.211.34]) by
|
|
lugh.tuatha.org (Postfix) with ESMTP id C0B96341E1 for <ilug@linux.ie>;
|
|
Tue, 8 Oct 2002 11:25:08 +0100 (IST)
|
|
Received: from [195.17.199.3] (helo=waider.ie) by dspsrv.com with asmtp
|
|
(Exim 3.36 #1) id 17yrY3-0000WN-00; Tue, 08 Oct 2002 11:25:07 +0100
|
|
Message-Id: <3DA2B226.2060209@waider.ie>
|
|
From: Waider <waider@waider.ie>
|
|
MIME-Version: 1.0
|
|
To: brendan@zen.org
|
|
Cc: ilug@linux.ie
|
|
Subject: Re: [ILUG] packaging risks and the reputation of linux distributions
|
|
References: <200210081058.50438.brendan@zen.org>
|
|
Content-Type: text/plain; charset=us-ascii; format=flowed
|
|
Content-Transfer-Encoding: 7bit
|
|
Sender: ilug-admin@linux.ie
|
|
Errors-To: ilug-admin@linux.ie
|
|
X-Beenthere: ilug@linux.ie
|
|
X-Mailman-Version: 2.0.11
|
|
Precedence: bulk
|
|
List-Help: <mailto:ilug-request@linux.ie?subject=help>
|
|
List-Post: <mailto:ilug@linux.ie>
|
|
List-Subscribe: <http://www.linux.ie/mailman/listinfo/ilug>,
|
|
<mailto:ilug-request@linux.ie?subject=subscribe>
|
|
List-Id: Irish Linux Users' Group <ilug.linux.ie>
|
|
List-Unsubscribe: <http://www.linux.ie/mailman/listinfo/ilug>,
|
|
<mailto:ilug-request@linux.ie?subject=unsubscribe>
|
|
List-Archive: <http://www.linux.ie/pipermail/ilug/>
|
|
X-Original-Date: Tue, 08 Oct 2002 12:23:34 +0200
|
|
Date: Tue, 08 Oct 2002 12:23:34 +0200
|
|
|
|
Brendan Kehoe wrote:
|
|
> As a workaround, the various distributions could use a GPG singature to verify
|
|
> correctness of the file. Since the distributor's secret key is required to
|
|
> create that signature, it would add a pretty significant step that would have
|
|
> to be taken to make it possible to replace both a rpm or apt file and its
|
|
> accompanying signature.
|
|
|
|
Check your local friendly Red Hat installation:
|
|
|
|
[root@localhost up2date]# rpm --checksig zsh-4.0.2-2.src.rpm
|
|
zsh-4.0.2-2.src.rpm: md5 gpg ok
|
|
|
|
Of course, this is only as useful as, say, the gpg keys distributed with
|
|
the Kernel tarballs, i.e. if you don't actually bother checking the sig
|
|
then you are open to abuse. It's entirely possible that rpm can be
|
|
configured to require good signatures, but I've not read that part of
|
|
the fine manual just yet.
|
|
|
|
Cheers,
|
|
Waider.
|
|
--
|
|
waider@waider.ie / Yes, it /is/ very personal of me
|
|
|
|
--
|
|
Irish Linux Users' Group: ilug@linux.ie
|
|
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
|
|
List maintainer: listmaster@linux.ie
|
|
|
|
|