From owner-freebsd-hackers Tue Feb 18 05:42:44 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA04294 for hackers-outgoing; Tue, 18 Feb 1997 05:42:44 -0800 (PST) Received: from eel.dataplex.net (eel.dataplex.net [208.2.87.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA04289 for ; Tue, 18 Feb 1997 05:42:42 -0800 (PST) Received: from [208.2.87.3] (shrimp [208.2.87.3]) by eel.dataplex.net (8.7.5/8.6.9) with ESMTP id HAA10019; Tue, 18 Feb 1997 07:42:37 -0600 (CST) X-Sender: rkw@mail.dataplex.net Message-Id: In-Reply-To: <199702181316.IAA23508@whyy.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 18 Feb 1997 07:42:43 -0600 To: "..je" From: Richard Wackerbarth Subject: Re: I guess we need to read all code, not just SUID stuff ! Cc: freebsd-hackers@FreeBSD.ORG Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >I'm just getting my feet wet with pgp but perhaps it could be used to provide >a secure way of distributing the srcs? Presumably after a check of the >current >src's is completed! Our problem here is NOT with a security breach in the DISTRIBUTION. The problem is that the SOURCE has been compromised. It does no good to distribute accurate copies of corrupt files. BTW, pgp or some other digital signature could enhance the security of the sources which are distributed by mail. We have previously discussed such an addition to CTM. However, to date, there has not been a problem. Further, it can be argued that such a feature might cause an even greater false sense of security. A breach at the source is still a possibility. No amount of safeguarding can replace diligence on the part of the receiver of the information.