On Friday 30 April 2004 15.25, Andreas Kotes wrote: > What do you think? Signed binaries instead of tools like tripwire or > aide et all?
Solutions like tripwire and aide, or the forthcoming (when???) solution
of signing binary packages (together with the package containing
md5sums of all non-modifiable files) have the advantage of also
covering data files.
In other words: why put in an infrastructure covering executables only
when you need a solution to verify data files anyway (I think corrupted
data files may be equally bad as corrupted program files, as the
contents of a data file may influence the behaviour of a program
greatly. Think embedded scheme/perl/... snippets etc. etc.)
cheers
-- vbi
--
Confissoes podem fazer bem A alma, mas sao pessimas para a
reputacao.
-- Thomas Dewar
pgpXDLelIOL5b.pgp
Description: signature
