
Re: [Gnu-arch-users] crypto features and 1.2preX


From: Jason McCarty
Subject: Re: [Gnu-arch-users] crypto features and 1.2preX
Date: Mon, 29 Dec 2003 17:42:56 -0500
User-agent: Mutt/1.5.4i

Tom,

Congratulations, this all sounds excellent. I do have one question,
though.

>   To copy signatures, rather than sign anew, you need a special
>   signing rule.  In the file:
> 
>         ~/.arch-params/signing/$MIRROR
> 
>   where $MIRROR is archive name of the mirror, instead of a shell
>   command, store the name of the archive from which signatures should
>   be copied.

Why use the name of the source archive instead of just, say, "COPY"?
Just as a sanity check?

> ** Aggressive Protection: Watching for Removals and Changes
> 
>   Intrusion detection and media-checking software should also 
>   watch for the removal of revisions from an archive and for
>   _changes_ (even if validly signed) to the signed checksum files
>   in an archive.
> 
>   This can be accomplished with a few 10 lines of shell script
>   along with a facility for safely storing a master list of expected
>   archive contents.   

I think tripwire or something could probably do a nice job of this too.

Jason
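
The removal-and-change watch described in the quoted "Aggressive Protection" passage, sketched as an added example that is not part of the original message or of GNU arch. The function names are hypothetical, the archive layout and file contents in `demo` are constructed, and GNU `find`, `sha256sum` and `mktemp` are assumed.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU find and sha256sum.

# snapshot_archive DIR: print "<sha256>  <path>" for every file under DIR.
# Store the output as the master list somewhere the archive host cannot write.
snapshot_archive() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# check_archive DIR MASTER: print "REMOVED <path>" or "CHANGED <path>" for each
# master entry that is missing or hashes differently now. Files that are new
# since the snapshot are ignored, because an archive normally only grows.
# Returns 0 if every master entry is intact, 1 if not, 2 on setup failure.
check_archive() {
    dir=$1 master=$2 status=0
    current=$(mktemp) || return 2
    snapshot_archive "$dir" > "$current" || { rm -f "$current"; return 2; }
    while IFS= read -r line; do
        grep -Fxq -- "$line" "$current" && continue
        path=${line#*  }    # drop the "<sha256>  " prefix
        if [ -e "$dir/$path" ]; then echo "CHANGED $path"
        else echo "REMOVED $path"; fi
        status=1
    done < "$master"
    rm -f "$current"
    return "$status"
}

# demo: build a constructed archive layout, snapshot it, tamper, then check.
demo() {
    work=$(mktemp -d) || return 2
    for rev in base-0 patch-1 patch-2; do
        mkdir -p "$work/arc/proj--main--1.0/$rev"
        echo "constructed data for $rev" > "$work/arc/proj--main--1.0/$rev/checksum"
    done
    snapshot_archive "$work/arc" > "$work/master.list"
    rm -r "$work/arc/proj--main--1.0/patch-2"                  # removed revision
    echo "altered" >> "$work/arc/proj--main--1.0/patch-1/checksum"  # changed file
    mkdir "$work/arc/proj--main--1.0/patch-3"                  # growth, not reported
    echo "new" > "$work/arc/proj--main--1.0/patch-3/checksum"
    rc=0
    check_archive "$work/arc" "$work/master.list" || rc=$?
    rm -rf "$work"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The check compares hashes only, so a file that was replaced with a validly signed but different copy is still reported as changed, which is the case the quoted text singles out.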



