[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security vs. configure
|
From: |
Michael Still |
|
Subject: |
Re: security vs. configure |
|
Date: |
Mon, 23 Apr 2001 06:25:48 +1000 |
On 23 Apr 2001, Russ Allbery wrote:
> Tom Holroyd <address@hidden> writes:
>
> > What do you think? Is this a configure problem or should it be left to
> > "packagers"? Can configure include tools that make such integrity
> > verification easier (and automatic)? For example, "make dist" or
> > whatever could always create a GPG-signed file.
>
> Adding support to make dist for generating signatures would be an Automake
> thing, not an autoconf thing. That probably isn't a bad idea.
Autoconf could run gnupg / pgp (if present) after generating the configure
script and produce a checksum on the script. If this was a default action,
then it would increase the chance of developers having at least some
checksumming.
It doesn't fix doubt over the intentions of the developer though.
Mikal
--
Michael Still (address@hidden)
http://www.stillhq.com -- a whole bunch of Open Source stuff including PDF
software...
"Grrrrrrr! I'm a volleyballing machine!"