Date: Tue, 28 Jan 2014 06:32:19 -0600
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-security@freebsd.org
Subject: Re: online cheksum verification for FreeBSD
Message-ID: <1390912339.18287.76258365.0317802C@webmail.messagingengine.com>
In-Reply-To: <D5AFDA9E-4BC0-4E2A-8986-FD4283CEE918@elstel.org>
References: <4BA27CDF.1040107@gmail.com> <D5AFDA9E-4BC0-4E2A-8986-FD4283CEE918@elstel.org>
On Mon, Jan 27, 2014, at 22:41, Elmar Stellnberger wrote:
> However locally stored
> checksums are not of use as they can
> be manipulated arbitrarily.
>

This shouldn't be a concern when using signed packages, correct? Or if
that's still a problem couldn't we just teach `pkg check` to confirm
signature of the repository matches before verifying checksums?