Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Jun 1997 18:17:53 -0700
From:      John-Mark Gurney <jmg@hydrogen.nike.efn.org>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Attempt to compromise root
Message-ID:  <19970620181753.20772@hydrogen.nike.efn.org>
In-Reply-To: <199706202045.QAA02968@khavrinen.lcs.mit.edu>; from Garrett Wollman on Fri, Jun 20, 1997 at 04:45:01PM -0400
References:  <33AAB0CA.2781E494@fsl.noaa.gov> <199706201909.PAA02705@khavrinen.lcs.mit.edu> <199706202045.QAA02968@khavrinen.lcs.mit.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman scribbled this message on Jun 20:
> <<On Fri, 20 Jun 1997 15:09:16 -0400 (EDT), I wrote:
> 
> > There already is such a thing.  Every recent release includes mtree
> > files with md5 digests of everything included in the distribution.
> > See the FTP site or CD-ROM.
> 
> I forgot to mention....
> 
> Probably the release engineer should generate and publish a digital
> signature of the files and the distribution's associated
> CHECKSUMS.MD5.  Actually, the installation system ought to be able
> itself to at least verify the MD5s of the tarballs it retrieves.

actually... I've submitted patches to Jordan that will add a -verify
flag to the install.sh scripts...  I just don't have the resources
to build a release, so I can't test the patches...

-- 
  John-Mark Gurney                          Modem/FAX: +1 541 683 6954
  Cu Networking

  Live in Peace, destroy Micro$oft, support free software, run FreeBSD



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970620181753.20772>