[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CGI scripts on www.octave.org broken
From: |
Steve Lipa |
Subject: |
Re: CGI scripts on www.octave.org broken |
Date: |
Wed, 31 Mar 2004 17:58:31 -0500 |
User-agent: |
Mutt/1.2.5i |
On Mar 31 Dmitri A. Sergatskov (address@hidden) wrote:
> Steve Lipa wrote:
>
>
> > I think you are missing the point here. Let's say the sources are hosted
> > on a machine named www2.octave.org in pub/octave-source.tar.gz the MD5
> > sum is in pub/index.html or pub/octave-source.tar.gz.md5. If some hacker
>
> The checksum is being mailed by John to the list when he announce new release.
> So you (and me and all subscribers) will have a copy of MD5 sum in their
> mailboxes.
>
OK. There is a little extra security for people who read the mailing lists,
I will grant you that. I suspect that the vast majority of the Octave
user base just goes to www.octave.org, downloads the code, and installs it
without ever reading a single post in the mailing list. And if they read
the post using the mailing list archive, well, it's been rooted too.
The bottom line is that for a price that differs from the price for generating
the MD5 sum infinitesimally, *all* Octave users can be virtually assured that
the code that they are getting from www.octave.org is exactly what Dr. Eaton
wants them to get.
> >There are some arguments that public key cryptography is not "real security"
> >either, but it is getting off-topic...
If you think you can show that public key cryptography in general and gpg in
particular do not provide "real security" this is an important breakthrough
and I urge you to publish your result.
Steve
--
Steve Lipa
address@hidden
gpg fingerprint = 8B68 77D7 9E09 9991 C97E 25FF 6A12 D2B9 EC7D 66C1
- CGI scripts on www.octave.org broken, David Bateman, 2004/03/31
- CGI scripts on www.octave.org broken, John W. Eaton, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Steve Lipa, 2004/03/31
- Re: CGI scripts on www.octave.org broken, John W. Eaton, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Dmitri A. Sergatskov, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Steve Lipa, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Dmitri A. Sergatskov, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Steve Lipa, 2004/03/31
- Re: CGI scripts on www.octave.org broken, Dmitri A. Sergatskov, 2004/03/31
- Re: CGI scripts on www.octave.org broken,
Steve Lipa <=