
Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE


From: Tom Lord
Subject: Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
Date: Thu, 22 Jan 2004 10:18:16 -0800 (PST)

    > From: Colin Walters <address@hidden>

    > On Thu, 2004-01-22 at 08:30, Rob Kaper wrote:

    > > With detached signatures you could avoid all this, because the original file
    > > is untouched - you would just sign the .gz and wouldn't even have to make
    > > md5sums anymore.

    > Nah...there's two files, the log and the patches.tar.gz.  It's cleaner
    > to have a checksum file and just sign that, instead of having two
    > signatures.

Beyond "cleaner", what signatures sign is not just the contents of
various files but also the listing of the revision directory and its
association with a particular fully-qualified revision name.

-t
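
The point made in the reply above, as an added example that is not part of the original message and is not GNU arch's own code: one signed checksum file can bind the revision name and the complete directory listing, which a detached signature per file cannot. The manifest layout, the use of SHA-256, and the revision and file names are assumptions constructed for illustration; verifying the signature over the manifest text is assumed to have happened before `check_revision` is called.

```python
import hashlib

def build_manifest(revision, files):
    """Return the text a signer would sign: the revision name, then one digest line per file."""
    lines = [f"revision: {revision}"]
    for name in sorted(files):
        lines.append(f"sha256 {hashlib.sha256(files[name]).hexdigest()} {name}")
    return "\n".join(lines) + "\n"

def check_revision(manifest, expected_revision, files):
    """Compare a signature-verified manifest with what the revision directory holds.

    Returns a list of problems; an empty list means the directory matches.
    """
    header, *entries = manifest.splitlines()
    problems = []
    # Binding to the revision name: a manifest copied from another revision fails here.
    if header != f"revision: {expected_revision}":
        problems.append("manifest is for a different revision")
    listed = {}
    for entry in entries:
        _algo, digest, name = entry.split(" ", 2)
        listed[name] = digest
    # Binding to the listing: files added to or removed from the directory are reported.
    for name in sorted(set(listed) | set(files)):
        if name not in files:
            problems.append(f"missing file: {name}")
        elif name not in listed:
            problems.append(f"unlisted file: {name}")
        elif hashlib.sha256(files[name]).hexdigest() != listed[name]:
            problems.append(f"digest mismatch: {name}")
    return problems

# Constructed sample data (hypothetical revision name and file contents).
REV = "alice@example.org--2004/demo--main--1.0--patch-7"
TARBALL = "demo--main--1.0--patch-7.patches.tar.gz"
FILES = {"log": b"Summary: fix typo\n", TARBALL: b"\x1f\x8bconstructed bytes"}
MANIFEST = build_manifest(REV, FILES)

if __name__ == "__main__":
    print(MANIFEST, end="")
    print(check_revision(MANIFEST, REV, dict(FILES, extra=b"not signed")))
```
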




