2008/7/1 Jordan Brown <[EMAIL PROTECTED]>: > Bart Smaalders wrote: >> >> Of course, we supply the elf hashes of the binaries in signed >> manifests... so that auditing can be performed as desired. > > I think you're missing the point. *Your* tools can audit just fine. The > problem is that all the *other* tools that people use to do audits, and in > particular the tools that they use to compare their systems against the > golden master that they are supposed to be copies of, will be looking at the > file en toto, not pulling it apart.
This leads me to believe that we need a policy that controls this so that those who care can force the system to update files based on hash instead of the more efficient algorithm. -- Shawn Walker _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
