Date: Sat, 08 Mar 2003 22:34:37 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: "Simon L. Nielsen" <simon@nitro.dk> Cc: freebsd-binup@FreeBSD.ORG Subject: Re: binup project Message-ID: <5.0.2.1.1.20030308222612.033d0e90@popserver.sfu.ca> In-Reply-To: <20030308180302.GA431@nitro.dk> References: <5.0.2.1.1.20030307134749.01d80ba8@popserver.sfu.ca> <200303061459.00436.michael@zend.com> <200303061459.00436.michael@zend.com> <5.0.2.1.1.20030307134749.01d80ba8@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 19:03 08/03/2003 +0100, Simon L. Nielsen wrote: >I remember looking at it and it looked very interesting. If I remember >correctly >on "only" deals with making/applying updated and not the distribution right? > >Perhaps your code could be put together with the simple HTTP protocol I was >looking at to actually get a complete remote binary updater... It could be a >start for a full binup. My code cryptographically signs the updates; they can then be distributed by whatever means is convenient (http, ftp, shortwave radio broadcast...) although since the client code uses fetch(1) that imposes some restrictions. Doing things this way, in addition to eliminating spoofing attacks, also makes it possible for the severely paranoid to perform all secure operations on a system which is physically disconnected from the Internet (and copy the update files to a webserver via sneakernet). Colin Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-binup" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20030308222612.033d0e90>