Reflections on Trusting Trust

Alexander Leidinger Alexander at
Wed Nov 30 13:56:34 GMT 2005

Kris Kennaway <kris at> wrote:

> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:

>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.

By printing a nice text every time someone installs a signed package? Noisy
and annoying, but because of this nobody is allowed to say they didn't
know about it.


--  Alexander @ PGP ID = B0063FE7     netchild @  : PGP ID = 72077137
	Never sleep with anyone crazier than yourself.

My corollary:
	The completely psychotic have all the fun.

More information about the freebsd-security mailing list