On Fri, Jan 2, 2009 at 4:22 AM, Mike Preston <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Its not that bad an idea... > > However, you still need to find a way to find the sites in the first > place, find out they are who they say they are and then authenticate the > downloads. > > Not impossible, but not trivial either.
I guess a trivial solution is just a bittorrent with relevant files in it. If AV companies issued updates out over BT as well, that would be nice. They could have a process of signing each update (do they already?) so that they're validated. Pretty trivial. > Mike Preston -- noon silky http://www.boxofgoodfeelings.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
