Re: radical suggestion for fc4 release

On Thu, 2005-02-03 at 08:19 -0500, Jeff Johnson wrote:

> Whether changelogs should be part of an immutable region or not is an open
> question too. It is (and was) certainly possible to define a header
> immutable region without including changelogs content, which would permit
> truncation or other forms of normalization, editing header content while
> installing.
> 
> I chose to put *all* tags into a header immutable region so that I
> would not have to have the discussion about which tags go where.
> 
> For example, the content in changelogs, if not hardened by digest and/or
> signature, might be part of a socially engineered exploit to disguise a
> maliciously modified package. It's very hard not to believe what you read.

Well, I didn't propose anything of that sort (i.e. changelog outside of
what is digested/signed) ;-). What I meant was that it is irrelevant
whether you sign/digest an actually existing stream of bytes which
contains the changelog or the result of a function which puts together
this stream from changelog and the remainder of the header.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
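
Added example, not part of the original message and not RPM's own code: a toy model of the two points in this exchange. A digest over a stored byte stream equals a digest over the same stream rebuilt by a deterministic function from the changelog and the remaining tags, and a changelog left outside the digested region can be edited without detection. The tag layout, the names (assemble, verify, demo) and the sample values are assumptions made for illustration; a bare SHA-256 digest stands in for digest and/or signature.

```python
import hashlib
import struct

# Toy tag layout for illustration only; this is NOT the real RPM header format.
# All tag names and values below are constructed sample data.
REMAINDER = {"name": b"example-pkg", "version": b"1.0", "payloadsize": b"4096"}
GOOD_LOG = b"* Thu Feb 03 2005 packager - fix build"
FORGED_LOG = b"* Thu Feb 03 2005 packager - reviewed security update"

def assemble(tags, covered):
    """Deterministically serialize the covered tags (sorted, length-prefixed)."""
    out = b""
    for key in sorted(covered):
        name, value = key.encode(), tags[key]
        out += struct.pack(">II", len(name), len(value)) + name + value
    return out

def digest(data):
    return hashlib.sha256(data).hexdigest()

def verify(tags, covered, expected):
    """Recompute the region from its parts and compare with the signed digest."""
    return digest(assemble(tags, covered)) == expected

def demo():
    original = {**REMAINDER, "changelog": GOOD_LOG}
    tampered = {**REMAINDER, "changelog": FORGED_LOG}
    all_tags = set(original)
    no_changelog = all_tags - {"changelog"}

    # Packager side: the region exists as one stored byte stream and is digested.
    stored_region = assemble(original, all_tags)
    signed_all = digest(stored_region)
    signed_partial = digest(assemble(original, no_changelog))

    return {
        # Digest of stored bytes equals digest of the stream rebuilt from parts.
        "rebuilt_matches_stored": verify(original, all_tags, signed_all),
        # Changelog inside the covered region: the edit is detected.
        "forgery_passes_when_covered": verify(tampered, all_tags, signed_all),
        # Changelog outside the covered region: the edit goes unnoticed.
        "forgery_passes_when_excluded": verify(tampered, no_changelog, signed_partial),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The equivalence holds only because assemble() is deterministic: any ordering or encoding freedom in the rebuild function would make the recomputed digest differ from the one taken over the stored bytes.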

