On Mon, 2007-Jan-29 19:05:07 +0000, Gabor Kovesdan wrote:
> Remove USE_GPG from all affected ports.

This sounds like it could have been useful. FreeBSD is currently sorely missing a good general authentication mechanism (though cperciva@ is doing his best to create bits of one).

> was supposed to work is useless, because if we can't trust the distfile from
> the remote machine, we can't trust the signature from the same machine
> either.

This isn't true. If you have a known good public key, then you can trust the signature (and hence the distfile), even if both are downloaded from crackers-r-us. The whole point of digital signatures is that you can obtain information from an untrusted source (e.g. the Internet) and be able to determine if it has been tampered with.

> Our MD5 and SHA256 are good for checking both the sanity and the
> trustiness of distfiles.

Except that the MD5 and SHA256 checksums can't be totally trusted. There are a variety of MITM attacks which could allow someone to alter checksums stored on an end-user's host.

I think it's unfortunate that the security team was not involved in this decision.

-- 
Peter Jeremy
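Added example (not part of the original message): the argument about signatures fetched from an untrusted source, worked through in code. A Lamport one-time signature built from SHA-256 stands in for GPG so the block runs with the standard library only; the key, the file contents and the `served` dictionary layout are constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of random secrets; public key = their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(data):
    d = H(data)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, data):
    # Reveal one secret per digest bit; only the private-key holder can do this.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(data))]

def verify(pk, data, sig):
    bits = digest_bits(data)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def checksum_ok(served):
    # Checksum fetched from the same place as the file: no secret involved.
    return hashlib.sha256(served["distfile"]).hexdigest() == served["sha256"]

def signature_ok(pinned_pk, served):
    # Signature fetched from the same place, but checked against a key
    # the user obtained earlier over a trusted channel.
    return verify(pinned_pk, served["distfile"], served["sig"])

def demo():
    sk, pinned_pk = keygen()  # upstream signs; user already holds pinned_pk
    good = b"constructed distfile v1.0"
    honest = {"distfile": good, "sha256": hashlib.sha256(good).hexdigest(),
              "sig": sign(sk, good)}
    # Tampered mirror: file replaced, checksum recomputed, old signature reused
    # because a new one cannot be produced without sk.
    bad = b"constructed distfile v1.0 (modified in transit)"
    tampered = {"distfile": bad, "sha256": hashlib.sha256(bad).hexdigest(),
                "sig": honest["sig"]}
    return {"honest": (checksum_ok(honest), signature_ok(pinned_pk, honest)),
            "tampered": (checksum_ok(tampered), signature_ok(pinned_pk, tampered))}

if __name__ == "__main__":
    print(demo())
```

The checksum served alongside the modified file still matches, while the signature check against the pinned key fails; the difference is the key held by the verifier, not where the signature was downloaded from.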