On Tue, 2004-10-26 at 00:53, Gregory G Carter wrote:

[snip]

> Not something many would like to hear, but I think security in general
> has not improved in computing because we have all of these not required
> methods that make us THINK the code is safe (i.e. Oooo...the package is
> digitally signed so it's OK....), but in reality do not address the
> primary issues of why executables are a risk....lack of source code.

[snip]

Interesting. How about this idea for a start.

First, please note that I've added fedora-devel-list as I think this
sub-thread, of sorts, is more on-topic for that list. Please send
followups there. (Dang it! Why doesn't Evolution allow me to add custom
headers?! Argh! Don't answer that...or if you do, please start a new
thread. This one has morphed quite enough, already. :-))

How about this:

1) Build source package.
2) Sign source package.
3) Build binary package.
4) Embed SHA1 hash of signed source package in header of binary package.
   (Should be automatically built into the 'rpmbuild --rebuild' command
   and equivalents.)
5) Sign binary package.

This would at least help ensure that a particular binary rpm did indeed
come from a particular source package. As it stands, the SOURCERPM name
is stored in the header, but that's not verification, it's only FYI type
info that has no other src.rpm info in it (that I know of). Of course,
with my luck, I'll find it right after hitting Send for this message.

--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
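The five-step chain proposed above, as an added toy model that is not code from this thread or from rpm itself. The package layout is constructed and the signatures are opaque placeholder bytes (assumption: no real GPG), so the only real cryptography is the SHA1 linkage of step 4; the point it shows is that a consumer can check the binary against the exact signed source package, which the informational SOURCERPM name alone never allowed.

```python
import hashlib


def _frame(b: bytes) -> bytes:
    # Length-prefixed field so the serialisation is unambiguous.
    return len(b).to_bytes(4, "big") + b


def package_bytes(pkg: dict) -> bytes:
    # Canonical bytes covering header, payload AND signature, so the hash in
    # step 4 pins the *signed* source package, not merely its contents.
    parts = [_frame(f"{k}={v}".encode()) for k, v in sorted(pkg["header"].items())]
    parts.append(_frame(pkg["payload"]))
    parts.append(_frame(pkg["signature"] or b""))
    return b"".join(parts)


def build_source_package(name: str, sources: list) -> dict:
    # Step 1: constructed src.rpm stand-in (header + concatenated sources).
    return {"header": {"NAME": name}, "payload": b"".join(sources), "signature": None}


def sign_package(pkg: dict, signature: bytes) -> dict:
    # Steps 2 and 5: attach a stand-in detached signature (placeholder, not GPG).
    return {**pkg, "signature": signature}


def sha1_of_signed_source(srpm: dict) -> str:
    if srpm["signature"] is None:
        raise ValueError("source package must be signed (step 2) before the build")
    return hashlib.sha1(package_bytes(srpm)).hexdigest()


def build_binary_package(srpm: dict, built_payload: bytes) -> dict:
    # Steps 3 and 4: the binary header keeps today's informational SOURCERPM
    # name and adds a hypothetical SRPMSHA1 tag that actually pins the source.
    header = {
        "NAME": srpm["header"]["NAME"],
        "SOURCERPM": srpm["header"]["NAME"] + ".src.rpm",
        "SRPMSHA1": sha1_of_signed_source(srpm),
    }
    return {"header": header, "payload": built_payload, "signature": None}


def verify_binary_against_source(binrpm: dict, srpm: dict) -> tuple:
    # Consumer-side check: (name matches, hash matches). A name match alone is
    # the FYI-only situation described in the mail; only the hash is evidence.
    name_ok = binrpm["header"]["SOURCERPM"] == srpm["header"]["NAME"] + ".src.rpm"
    hash_ok = srpm["signature"] is not None and \
        binrpm["header"]["SRPMSHA1"] == hashlib.sha1(package_bytes(srpm)).hexdigest()
    return name_ok, hash_ok
```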