I replied to some people about this privately, but since it's still being discussed on the list...

Peter Jeremy wrote:
> On Mon, 2007-Jan-29 19:05:07 +0000, Gabor Kovesdan wrote:
>> Our MD5 and SHA256 are good for checking both the sanity and the
>> trustiness of distfiles.
>
> Except that the MD5 and SHA256 checksums can't be totally trusted.
> There are a variety of MITM attacks which could allow someone to alter
> checksums stored on an end-user hosts. I think it's unfortunate that
> the security team was not involved in this decision.

Short answer: I wasn't involved in the discussion before this option was removed, but I agree with its removal.

Long answer: I can't think of any circumstances where an attacker who could play games with the distinfo files would not also be able to play games with the Makefile logic -- i.e., USE_GPG protects against precisely zero attackers. The correct place for GPG to be used is to make sure that ports committers are committing the correct distinfo files in the first place, and this wasn't what USE_GPG did (or would have done if it had ever been committed, which it wasn't).

Colin Percival
