svn commit: r335402 - head/sbin/veriexecctl

Stephen Kiernan hackagadget at gmail.com
Wed Jun 20 09:27:48 UTC 2018


On Tue, Jun 19, 2018 at 11:21 PM, Simon J. Gerraty <sjg at juniper.net> wrote:

> Conrad Meyer <cem at freebsd.org> wrote:
>
> > As a corollary to the above, the name "signature file" is used
> > repeatedly in the code, which is misleading.  The file contains hashes
> > (digests), not signatures (MACs).  The file itself is unsigned.
> > Nothing about this has signatures.
>

I think you mean "signature".
I believe the only place that says "signature file" is the veriexecctl.
And that was in the original sources from NetBSD.

For example, see the current veriexecctl in NetBSD and it still uses the
terminology "signature file".

http://cvsweb.netbsd.org/bsdweb.cgi/src/sbin/veriexecctl/veriexecctl.c?rev=1.40

But yes, I agree that it's the wrong term that they're using there.


> NetBSD refers to the hashes as fingerprints - AFAIK that terminology is
> retained.
>
> If the term signature is used to refer to anything other than the signed
> manifests that should be fixed.
>

That was in the veriexec that was the basis for the MAC conversion. I know
I had corrected some before, but probably missed the fact that it was used
in some other places. Easy to happen when you've seen the same code for
a number of years.

