Reflections on Trusting Trust
Alexander Leidinger
Alexander at Leidinger.net
Wed Nov 30 13:56:34 GMT 2005
Kris Kennaway <kris at obsecurity.org> wrote:
> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:
>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.
By printing a nice text every time someone installs a signed package? Noisy
and annoying, but because of this nobody is allowed to say they didn't
knowed about it.
Bye,
Alexander.
--
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
HARTLEY'S SECOND LAW:
Never sleep with anyone crazier than yourself.
My corollary:
The completely psychotic have all the fun.
More information about the freebsd-security
mailing list