FreeBSD 6.0->6.1 binary upgrade script

Peter Jeremy peterjeremy at optushome.com.au
Sun Jul 9 08:46:51 UTC 2006


On Sun, 2006-Jul-09 00:42:31 -0700, Colin Percival wrote:
> I have written an automatic script
>for performing binary FreeBSD 6.0 -> FreeBSD 6.1 upgrades.

That sounds useful.  Are you intending to provide this for future
FreeBSD minor-revision releases?

>Naturally, the cryptographic hashes of all the files are verified
>against values stored in the script, so as long as you trust the
>FreeBSD Security Officer (and if you don't, why are you running
>FreeBSD?), the process is entirely secure.

But how can I tell that the script came from the FreeBSD Security
Officer?  You have signed your mail with a key (ID 0xD09347FC) that
claims to be a Colin Percival with an Oxford Uni address (whereas this
mail has a freebsd.org address) but the key that I downloaded from a
PGP keyserver has no other signatures.  You don't have a key in the
FreeBSD CVS repository that I can locate and I can't find any keys on
www.daemonology.net.  Basically, I only have your word that you are
who you claim to be.

(Of course, I still need to be able to trust the FreeBSD CVS repository
but if I can't trust that, I can't trust my OS either).

If you really are the FreeBSD Security Officer why can't I find copies
of your key and FreeBSD SO key (0xCA6CDFB2) that are counter-signed
by each other?

-- 
Peter Jeremy
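
The check raised in this message (does either key carry a verified certification from anyone else, and do the two keys certify each other?) can be run over the output of `gpg --with-colons --check-sigs`. The following is an added example, not part of the original mail or of the upgrade script; the sample output is constructed, and only the two short key IDs are taken from the mail.

```python
# Constructed sample of `gpg --with-colons --check-sigs` output. Only the short
# key IDs come from the mail; the leading 00000000 halves are placeholders.
SAMPLE = """\
pub:-:1024:17:00000000D09347FC:1000000000:::-:::scESC:
uid:-::::1000000000::::constructed uid A:
sig:!::17:00000000D09347FC:1000000000::::constructed uid A:13x:
pub:-:1024:17:00000000CA6CDFB2:1000000000:::-:::scESC:
uid:-::::1000000000::::constructed uid B:
sig:!::17:00000000CA6CDFB2:1000000000::::constructed uid B:13x:
sig:?::17:0000000011111111:1000000000::::[User ID not found]:10x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signatures

def good_certifiers(colon_output):
    """Map each key ID to the set of *other* keys holding a verified ('!')
    certification on it. Self-signatures and unverifiable ones are ignored."""
    certs, current = {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4].upper()
            certs[current] = set()
        elif f[0] == "sig" and current and len(f) > 10:
            signer, ok, sigclass = f[4].upper(), f[1].startswith("!"), f[10][:2]
            if ok and sigclass in CERT_CLASSES and signer != current:
                certs[current].add(signer)
    return certs

def find_key(certs, key_id):
    """Resolve a short ID, as quoted in the mail, to exactly one full key ID."""
    wanted = key_id.upper().replace("0X", "", 1)
    hits = [k for k in certs if k.endswith(wanted)]
    if len(hits) != 1:  # short IDs can collide, so never guess
        raise LookupError(f"{key_id}: {len(hits)} matching keys")
    return hits[0]

def cross_signed(certs, id_a, id_b):
    """True only if each key has a verified certification from the other."""
    a, b = find_key(certs, id_a), find_key(certs, id_b)
    return b in certs[a] and a in certs[b]

if __name__ == "__main__":
    certs = good_certifiers(SAMPLE)
    for key, signers in certs.items():
        print(key, "third-party certifications:", sorted(signers) or "none")
    print("cross-signed:", cross_signed(certs, "0xD09347FC", "0xCA6CDFB2"))
```

Revocation (`rev`) records are not handled here, so a certification that was later revoked would still be counted.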