From: | Curt Sampson <cjs(at)cynic(dot)net> |
---|---|
To: | Kurt Roeckx <Q(at)ping(dot)be> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PGP signing releases |
Date: | 2003-02-04 23:00:06 |
Message-ID: | Pine.NEB.4.51.0302050756290.561@angelic.cynic.net |
Lists: | pgsql-hackers |

On Tue, 4 Feb 2003, Kurt Roeckx wrote:

> > There really isn't any comparison here.
>
> I didn't say you could compare the security offered by both of
> them. All I said was that md5 also makes sense from a security
> point of view.

MD5, or any other unsigned check, makes sense from a security point of
view only if it is stored independently from the thing you are checking.
So NetBSD's package system MD5 hashes help a little with security.
(You'd have to modify both those on the NetBSD FTP server or anoncvs or
whatever *and* the binary on an independently run FTP server.)

If the "security token" is stored with the item to be secured (i.e.,
on the same FTP server) and is unsigned, it is just as subject to
modification as the item itself, and provides no extra security.

cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
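
The storage argument in the message above, as an added example that is not part of the original email or of any project's code: it models one FTP server and one separately run checksum index as dictionaries and compares what each check reports before and after the server's contents change. All names and sample data are hypothetical, and SHA-256 is used in place of MD5 because the point concerns where the checksum is stored, not which hash is used.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    # SHA-256 stands in for the MD5 of the thread; the storage argument is the same.
    return hashlib.sha256(data).hexdigest()

def publish(server: dict, name: str, data: bytes) -> None:
    """Store a file and its unsigned checksum side by side on one server."""
    server[name] = data
    server[name + ".sum"] = digest(data).encode()

def check_colocated(server: dict, name: str) -> bool:
    """Verify a file against the checksum fetched from the same server."""
    expected = server[name + ".sum"].decode()
    return hmac.compare_digest(digest(server[name]), expected)

def check_independent(server: dict, name: str, index: dict) -> bool:
    """Verify a file against a checksum held by a separately run index."""
    expected = index.get(name)
    if expected is None:
        return False  # no independent record: treat the file as unverified
    return hmac.compare_digest(digest(server[name]), expected)

def simulate_compromise(server: dict, name: str, data: bytes) -> None:
    """Model a modified server: write access to the file also covers its checksum."""
    publish(server, name, data)

def run_demo() -> dict:
    # Constructed sample data; the file name and contents are hypothetical.
    name = "release.tar.gz"
    original = b"constructed release contents"
    ftp_server: dict = {}
    publish(ftp_server, name, original)
    # Independent record, like hashes kept in a package tree hosted elsewhere.
    package_index = {name: digest(original)}
    before = (check_colocated(ftp_server, name),
              check_independent(ftp_server, name, package_index))
    simulate_compromise(ftp_server, name, b"constructed modified contents")
    after = (check_colocated(ftp_server, name),
             check_independent(ftp_server, name, package_index))
    return {"before": before, "after": after}

if __name__ == "__main__":
    print(run_demo())
```

Each tuple is (co-located check, independent check): after the change only the check against the independently stored digest reports a mismatch.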