On Mon, 2004-10-25 at 23:53 -0500, Gregory G Carter wrote:
> They still crack Windows with perfectly signed packages from Microsoft.
> In FACT, I do not see how signing binaries helps really in dealing with
> secure code for end users.
>

It doesn't, of course. But it *does* help in ensuring that the user only installs code that Red Hat produced, rather than some hacker like the guy sending a security update from "fedora-redhat.com". If a system were set up to only accept signed packages, that package would not be accepted.

This of course has *ZERO* effect on whether the code contained in a package is secure or not. But that is an entirely separate subject from the one we are discussing here.

The benefit side of the argument is: if someone hacked a Rawhide mirror server and replaced the newest kernel update file with a trojaned one, anyone downloading that trojaned kernel would be screwed. And this would have nothing to do with the code in question being Rawhide code.

The cost side of the argument is one which I am trying to understand but with which I am not so familiar. It's all a question of whether such a change would be net positive or negative... but I don't know enough to speak with any authority. The rest of you will have to figure it out.

Cheers,

--
Rodolfo J. Paiz
<rpaiz@xxxxxxxxxxxxxx>
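The distinction drawn in the message above, between proving where a package came from and proving that its code is safe, can be shown with a small added example; it is not part of the original post or of any Red Hat tooling. It swaps in a Lamport one-time hash-based signature (standard library only) for the GPG signatures that RPM packages use, and the names `install` and `demo` and the payload strings are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk

def _bits(data):
    digest = H(data)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, data):
    # Reveal one secret per digest bit. A key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(_bits(data))]

def verify(pk, data, sig):
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(data)))

def install(trusted_pk, payload, sig):
    # Installer policy: accept only payloads signed by the trusted vendor key.
    return "installed" if verify(trusted_pk, payload, sig) else "rejected"

def demo():
    vendor_sk, vendor_pk = keygen()   # stands in for the vendor signing key
    other_sk, _ = keygen()            # key held by someone who is not the vendor
    # Constructed sample payloads, not real packages.
    genuine = b"kernel update from the vendor (may still contain bugs)"
    swapped = b"kernel update replaced on a mirror"
    vendor_sig = sign(vendor_sk, genuine)
    return {
        # Signed by the vendor: accepted, whatever the quality of the code.
        "genuine": install(vendor_pk, genuine, vendor_sig),
        # File changed on the mirror, original signature left in place.
        "mirror_swapped_file": install(vendor_pk, swapped, vendor_sig),
        # Validly signed, but by a key the installer does not trust.
        "attacker_signed": install(vendor_pk, swapped, sign(other_sk, swapped)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The check says nothing about the contents of the genuine payload; it only ties the exact bytes to the holder of the trusted key.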