
Re: [Gnu-arch-users] tla--devo--1.2 has preliminary gpg stuff


From: Tom Lord
Subject: Re: [Gnu-arch-users] tla--devo--1.2 has preliminary gpg stuff
Date: Fri, 26 Dec 2003 11:55:27 -0800 (PST)


    > From: James Blackwell <address@hidden>

    >> Thanks, nice script. However, it has a small problem -- if a
    >> checksum file exists but is unsigned, it tells you that it has
    >> a bad signature.

    > I don't see that as a bug. Checksum files are worthless if
    > they're not signed. After all, if the patches have been modified
    > by a nefarious person, then the checksum file could be modified
    > to match.

    > That's rather the whole point of gpg signing.

Checksum files are _not_ useless without signing.  They have at least two
uses:

1) They can be used to detect media failures.

2) They provide an alternative to signing.  If, for example, checksums
   are broadcast from trusted hosts (where they are first computed)
   on various channels to all mirrors of the archives on that host,
   then there's a public record of what that archive is supposed to
   contain which everyone can see and use for integrity checking.

   If the separate broadcast of the checksums is itself signed, then
   the same level of security is achieved without signing the checksum
   files in the archive itself.


At any rate, it should only be an error if the archive is a signed
archive.  Otherwise it should be at most a single warning that the
archive is unsigned.

-t
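
One way to express the policy discussed in this message, as an added example that is not part of the original message or of tla: the content check runs whether or not the checksum file is signed, and an unsigned file is an error only when the archive is declared signed. The `sha256 NAME HEX` manifest format, the function names, and the `verify_sig` callback (a stand-in for a real gpg verification) are assumptions made for illustration.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def parse_manifest(text):
    """Return (is_signed, {name: sha256 hex}) for 'sha256 NAME HEX' lines (constructed format)."""
    is_signed = text.startswith(BEGIN_MSG)
    if is_signed:
        # Read only the signed body: after the armor headers' blank line, before the signature.
        text = text.partition("\n\n")[2].partition(BEGIN_SIG)[0]
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "sha256":
            sums[parts[1]] = parts[2].lower()
    return is_signed, sums

def check_revision(manifest, files, archive_is_signed, verify_sig=lambda text: False):
    """Return (level, messages); level is 'ok', 'warning' or 'error'.

    files maps name -> bytes. verify_sig is a hypothetical callback standing in
    for a real gpg verification; the default rejects every signature.
    """
    is_signed, sums = parse_manifest(manifest)
    errors, warnings = [], []
    # Content check: useful even without a signature (detects media failures).
    for name in sorted(set(sums) | set(files)):
        if name not in sums:
            errors.append(f"{name}: not listed in checksum file")
        elif name not in files:
            errors.append(f"{name}: listed but missing")
        elif hashlib.sha256(files[name]).hexdigest() != sums[name]:
            errors.append(f"{name}: checksum mismatch")
    # Signature policy: "unsigned" and "bad signature" are distinct outcomes.
    if is_signed:
        if not verify_sig(manifest):
            errors.append("checksum file: bad signature")
    elif archive_is_signed:
        errors.append("checksum file: unsigned, but archive is signed")
    else:
        warnings.append("archive is unsigned")
    return ("error" if errors else "warning" if warnings else "ok"), errors + warnings

if __name__ == "__main__":
    data = {"patch-1.tar.gz": b"constructed sample contents"}
    manifest = "sha256 patch-1.tar.gz " + hashlib.sha256(data["patch-1.tar.gz"]).hexdigest() + "\n"
    print(check_revision(manifest, data, archive_is_signed=False))
    print(check_revision(manifest, data, archive_is_signed=True))
```
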



