From owner-freebsd-hackers Tue Feb 18 06:12:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA05693 for hackers-outgoing; Tue, 18 Feb 1997 06:12:28 -0800 (PST) Received: from whyy.org (root@whyy.org [207.245.67.105]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA05687 for ; Tue, 18 Feb 1997 06:12:23 -0800 (PST) Received: from tvmaster1.whyy.org (tvmaster1.whyy.org [199.234.236.48]) by whyy.org (8.7.5/8.7.3) with SMTP id JAA23979 for ; Tue, 18 Feb 1997 09:12:22 -0500 (EST) Date: Tue, 18 Feb 1997 09:12:22 -0500 (EST) Message-Id: <199702181412.JAA23979@whyy.org> X-Sender: jehrenkrantz@whyy.org X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: freebsd-hackers@FreeBSD.ORG From: "..je" Subject: Re: I guess we need to read all code, not just SUID stuff ! Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk At 07:42 AM 2/18/97 -0600,Richard Wackerbarth wrote: >BTW, pgp or some other digital signature could enhance the security of the >sources which are distributed by mail. >We have previously discussed such an addition to CTM. >However, to date, there has not been a problem. > Would it be feasable to provide just the approiate checksums or the like at a secure Distribution point that users could obtain through pgp ie:email Then the hacker would have to comprimise both ends of the link! >Further, it can be argued that such a feature might cause an even greater >false sense of security. A breach at the source is still a possibility. >No amount of safeguarding can replace diligence on the part of the receiver >of the information. > I couldn't agree more, but a split D-point sure would make it MORE then just hard. Regards ..je