On Mon, May 03, 2004 at 01:49:01AM +0200, Andreas Kotes wrote: > Heya, > > * Andrew Pollock <[EMAIL PROTECTED]> [20040503 01:36]: > > On Fri, Apr 30, 2004 at 03:25:59PM +0200, Andreas Kotes wrote: > > > What do you think? Signed binaries instead of tools like tripwire or > > > aide et all? > > > > Sounds interesting. How does elfsign go with prelinking? > > I've got no idea, and no experience with prelinking. Perhaps you want to > try?
Heh, I don't know much more, just that prelinking busts the checksum of a binary. I've had a quick look at the licence, and I think it's currently unsuitable as DFSG-free, but I just dropped the upstream maintainer an email asking him if he'd like to relicense it (the GPL would serve the same purpose as his current licence I think). I'm not sure how elfsign would work in Debian's build environment. It would make sense to have source-only uploads, and the buildds sign the binaries as part of the build process. It's a shame it's using X509 certificates instead of PGP/GnuPG. regards Andrew
