Date: Tue, 18 Feb 1997 07:42:43 -0600 From: Richard Wackerbarth <rkw@dataplex.net> To: "..je" <jehrenkrantz@whyy.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: I guess we need to read all code, not just SUID stuff ! Message-ID: <l03010d0aaf2f60581736@[208.2.87.3]> In-Reply-To: <199702181316.IAA23508@whyy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>I'm just getting my feet wet with pgp but perhaps it could be used to provide >a secure way of distributing the srcs? Presumably after a check of the >current >src's is completed! Our problem here is NOT with a security breach in the DISTRIBUTION. The problem is that the SOURCE has been compromised. It does no good to distribute accurate copies of corrupt files. BTW, pgp or some other digital signature could enhance the security of the sources which are distributed by mail. We have previously discussed such an addition to CTM. However, to date, there has not been a problem. Further, it can be argued that such a feature might cause an even greater false sense of security. A breach at the source is still a possibility. No amount of safeguarding can replace diligence on the part of the receiver of the information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?l03010d0aaf2f60581736>