Reflections on Trusting Trust

Kris Kennaway kris at obsecurity.org
Tue Nov 29 23:27:05 GMT 2005


On Tue, Nov 29, 2005 at 01:36:31PM -0200, aristeu wrote:
> I'm new here, and I've posted only once. I just want to add my "just 
> another user" opinion on this...
> 
> Signing security advisories that send the hashes for a file does a nice 
> job.
> 
> I think the only problem that exists is the package/ports deployment. I 
> believe we can't trust only in hashes for this (tar already does a fine job 
> on integrity...), because it can be easily circumvented. Maybe trusting 
> this is the real weakest link...

I'd be happy to work with someone who can implement a solution for the
package side.  The important thing to keep in mind is that packages
are built automatically on many distributed machines.  Any solution
for signing packages would therefore need to also be automated,
e.g. signing them automatically when the packages are pulled back from
the build client to the server.

Kris