Reflections on Trusting Trust

Alexander Leidinger Alexander at Leidinger.net
Wed Nov 30 13:56:34 GMT 2005


Kris Kennaway <kris at obsecurity.org> wrote:

> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:

>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.

By printing a nice text every time someone installs a signed package? Noisy
and annoying, but because of this nobody is allowed to say they didn't
knowed about it.

Bye,
Alexander.

-- 
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137
HARTLEY'S SECOND LAW:
	Never sleep with anyone crazier than yourself.

My corollary:
	The completely psychotic have all the fun.




More information about the freebsd-security mailing list