Sven Krohlas wrote:

> One solution might be to get the installer from a "secure source"
> (well, a nice word for something that doesn't exist in reality, imho),

Yes, this is exactly the problem here.

> Another idea was to provide md5 sums of all Mozilla builds, but this only
> seems to make sense if you also sign these md5 sums, because someone who can
> spoof ftp.mozilla.org can also spoof any other server for you. This signing
> could happen via pgp,

Bug 68079.

In any scheme, at least one file has to be PGP-verified by the user (or 
a user's agent like rpm). (Of course, at some point in time, the user 
must have gotten the mozilla.org PGP key.)

Or am I missing a solution?

> Don't use the net installer (and, for maximum security no downloaded build),
> but a version provided and verified by your favourite computer magazine.
> This one is very ugly, the verification work would only be pushed to another
> place.

Personally, I trust the ftp.mozilla.org I see more than the CD I get 
from my computer magazine. These guys deal with a lot of shady 
software, and probably just run Norton AV over it and that's it.

I wouldn't use the net installer at all and instead use the 
tarballs/zipfiles or the full installer. This is a single file, which 
can easily be signed/verified via PGP. That's what I do with Beonex 
Communicator. Just get mozilla.org to sign the packages on a machine not 
directly accessible via the internet and forget about that net installer.

Ben
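
Added example, not part of the original message or of any mozilla.org tooling: a sketch of the scheme discussed in the thread, in which one checksum list is PGP-verified and every downloaded file is then checked against it. It assumes GnuPG's `gpgv` is installed and that the publisher's key was obtained earlier into a local keyring; it uses SHA-256 rather than the MD5 mentioned in the thread, and the file names are hypothetical.

```python
import hashlib, hmac, os, subprocess, tempfile

def signature_ok(manifest, sig, keyring):
    """Verify a detached PGP signature using only the keys in a pinned keyring."""
    r = subprocess.run(["gpgv", "--keyring", keyring, sig, manifest],
                       capture_output=True)
    return r.returncode == 0

def parse_manifest(text):
    """Parse md5sum/sha256sum-style lines: '<hex digest>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        name = name.lstrip("*").strip()
        # Reject entries that try to name a file outside the download directory.
        if os.path.basename(name) != name:
            raise ValueError("path component in manifest entry: " + name)
        entries[name] = digest.lower()
    return entries

def file_digest(path, algo="sha256"):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_file(path, entries, algo="sha256"):
    """True only if the file is listed in the manifest and its digest matches."""
    expected = entries.get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(file_digest(path, algo), expected)

def verify_download(path, manifest, sig, keyring):
    # The signature is checked first: an unsigned checksum list proves nothing.
    if not signature_ok(manifest, sig, keyring):
        return False
    with open(manifest, encoding="utf-8") as f:
        return check_file(path, parse_manifest(f.read()))

def demo_digest_step():
    """Constructed sample: one genuine file, then the same file after tampering."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mozilla-build.tar.gz")  # hypothetical name
        with open(path, "wb") as f:
            f.write(b"constructed package bytes")
        entries = parse_manifest(file_digest(path) + "  mozilla-build.tar.gz\n")
        genuine = check_file(path, entries)
        with open(path, "ab") as f:
            f.write(b"!")
        return genuine, check_file(path, entries)
```

`demo_digest_step()` exercises only the digest comparison; `verify_download()` is the full chain and needs a real signature file and keyring.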
