Date: Fri, 9 Jun 2000 17:53:14 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: "David O'Brien" <obrien@FreeBSD.org> Cc: Brian Fundakowski Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/comms/minicom/files md5 Message-ID: <Pine.BSF.4.21.0006091752430.10797-100000@freefall.freebsd.org> In-Reply-To: <20000609170125.B62028@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 9 Jun 2000, David O'Brien wrote:
> On Fri, Jun 09, 2000 at 05:21:20PM -0400, Brian Fundakowski Feldman wrote:
> > The diffing-to-find-what-makes-an-md5-change practice is a good
> > thing, but how good is it really when the MD5 from a new version is
> > generated and we act on blind trust? That happens more often than
> > bouncing md5 hashes, so isn't there even _more_ of a chance of a trojan
> > coming in?
>
> EXACTLY. Except on one but me understood this on IRC.
I agreed with you, but thats not what the argument^Wdiscussion was
about. See my earlier post.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006091752430.10797-100000>