On Mon, Oct 25, 2004 at 11:53:17PM -0500, Gregory G Carter wrote: > They still crack Windows with perfectly signed packages from Microsoft. > I do not see signatures as such a big deal, therefore as they have not > really impacted code security of Microsoft products. They've impacted it greatly in terms of things like windows updater. The mess would have been even worse without it. > In FACT, I do not see how signing binaries helps really in dealing with > secure code for end users. As an admin you set various directories as "only rpm/up2date" can install, or even set "nothing is executable unless rpm/up2date installed it" type policies in SELinux and turn on signature checking. That makes the keys valuable for the policy side of enforcement. The tools to do this exist now. > Signed by Microsoft and of course, Doesn't Mean Jack. The best a > signed package can do is tell you where it is from. But, it doesn't > make your code any less crackable or any more secure. No argument there. Alan