Re: [Gnu-arch-users] crypto features and 1.2preX
From: Jason McCarty
Subject: Re: [Gnu-arch-users] crypto features and 1.2preX
Date: Mon, 29 Dec 2003 17:42:56 -0500
User-agent: Mutt/1.5.4i

Tom,

Congratulations, this all sounds excellent. I do have one question,
though.

> To copy signatures, rather than sign anew, you need a special
> signing rule. In the file:
>
> ~/.arch-params/signing/$MIRROR
>
> where $MIRROR is the archive name of the mirror, instead of a shell
> command, store the name of the archive from which signatures should
> be copied.

Why use the name of the source archive instead of just, say, "COPY"?
Just as a sanity check?

> ** Aggressive Protection: Watching for Removals and Changes
>
> Intrusion detection and media-checking software should also
> watch for the removal of revisions from an archive and for
> _changes_ (even if validly signed) to the signed checksum files
> in an archive.
>
> This can be accomplished with a few 10 lines of shell script
> along with a facility for safely storing a master list of expected
> archive contents.

I think tripwire or something could probably do a nice job of this too.

Jason
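
The master-list check described in the quoted "Aggressive Protection" passage, as an added example that is not part of the original message or of GNU arch. The function names, the use of sha256sum and the archive being a plain directory tree are assumptions; new files are reported as ADDED without failing, since only removals and changes are the events the passage says to watch for.

```shell
#!/bin/sh
# Added example (not from the original message or from GNU arch).
# Assumptions: the archive is a plain directory tree, sha256sum is available,
# and file names contain no newlines or backslashes.

# Print "<sha256>  <path>" for every file in the archive, sorted by path.
archive_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare the archive ($1) against a master list ($2) made earlier with
# archive_manifest and kept somewhere the archive host cannot write to.
# Returns 0 if nothing was removed or changed, 1 otherwise, 2 on error.
check_archive() {
    ca_current=$(mktemp) || return 2
    if ! archive_manifest "$1" > "$ca_current"; then
        rm -f "$ca_current"; return 2
    fi
    ca_status=0
    awk '
        # First file (master list): remember the expected hash of each path.
        FILENAME == ARGV[1] { want[substr($0, 67)] = substr($0, 1, 64); next }
        # Second file (current state): compare, then tick the path off.
        {
            path = substr($0, 67); hash = substr($0, 1, 64)
            if (!(path in want))          print "ADDED   " path
            else if (want[path] != hash)  { print "CHANGED " path; bad = 1 }
            delete want[path]
        }
        # Anything still expected but never seen has been removed.
        END { for (path in want) { print "REMOVED " path; bad = 1 }; exit bad + 0 }
    ' "$2" "$ca_current" || ca_status=$?
    rm -f "$ca_current"
    return "$ca_status"
}
```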