On 01/31/2010 09:18 PM, Nilesh Govindarajan wrote:
> On 01/31/2010 08:31 PM, Ananda Samaddar wrote:
>> [snip]
>>
>
> Key signing is not required for us I think. Because Arch people are
> the first to release package updates. It is tested properly and is
> given in .tar.gz archives. Even if a byte is altered in the archive
> then its md5sum would change so pacman will complain.
>

Close, but what about the package list? The proposals I've seen have mostly been to just sign the package list, since the md5 takes care of everything else.