On Thu, Jan 14, 2010 at 08:40:20PM +0000, Chris Gerhard wrote:
> On 14/01/2010 19:54, [email protected] wrote:
> >On Thu, Jan 14, 2010 at 11:52:41AM +0000, Chris Gerhard wrote:
> >>My concern as someone who works in support is that this will
> >>generate fire drills and customer calls. The manual for pkg verify
> >>should sing out that it does not always use the sha1 to do a full
> >>verification.
> >
> >Sorry, but documenting internal algorithms isn't appropriate. We want
> >to reserve the right to change our hash algorithms and message digests
> >without breaking existing software. Pkg verify is what you should use
> >to verify the integrity of files installed by the packaging system. If
> >you choose not to use that tool, you're on your own.
>
> And that is the problem. If you use anything else it will lead the
> user down the path of believing there is a problem when there is
> not one. That will result in customer dissatisfaction and calls.
> Unless we clearly document this behaviour or fix it.
Customers don't get to build tools on private interfaces and expect support. As I said before, I'm open to building an interface in our public API that security software can use to verify our files. However, if a system has been compromised, even manifest signing can be exploited, since we assume the intruder will have the ability to replace manifests and the keys we use to verify them.

You seem to be arguing just for the sake of arguing.

-j

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
