On 11 Dec 2007, at 05:12, Michael G Schwern wrote:

Adam Kennedy posed me a stumper on #toolchain tonight. In short, having a test which checks your signature doesn't appear to be an actual deterrent to tampering. The man-in-the-middle can just delete the test, or just the
SIGNATURE file since it's not required.  So why ship a signature test?

The only thing I can think of is to ensure the author that the signature they're about to ship is valid, but that's not something that needs to be shipped.

It is something that needs to be shipped if you have the "CPAN is the definitive version of a module. Somebody can fork from it" attitude.

It certainly doesn't have to run though...


Reply via email to