Intrusion Detection using pkg?
Dmitry Morozovsky
marck at rinet.ru
Tue Apr 19 22:52:15 UTC 2016
On Mon, 18 Apr 2016, Matthew Seaman wrote:
[snip]
> > Unfortunately, after years of useless discussion we have no sane
> > signatures scheme in pkg, and I have no desire to continue these
> > discussions I'm afraid.
>
> I believe the current package signature stuff serves its purpose, which
> is to verify that the package tarball in question originated from an
> identified and trusted source and hasn't subsequently been tampered
> with. Which is fine, but there's a definite use-case for going further...

Well, I suppose we have the usual problem here: "doing security well is a pain, and
doing it badly is simple and leads to a false sense of security" (smilies at will)

For all years being a system admin and/or architect I'm thinking about
non-controversial (and useful) model of PKI or something similar, but still
failed :(

Which set of data are we going to protect? And how to protect the point for
protection (both reliably and useful for day-to-day procedures)?

Well, I also suppose this could be more a matter for -security@ also...

--
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer: marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------