On 14/01/2010 21:17, [email protected] wrote:
On Thu, Jan 14, 2010 at 08:40:20PM +0000, Chris Gerhard wrote:
On 14/01/2010 19:54, [email protected] wrote:
On Thu, Jan 14, 2010 at 11:52:41AM +0000, Chris Gerhard wrote:
My concern as someone who works in support is that this will
generate fire drills and customer calls. The manual for pkg verify
should sing out that it does not always use the sha1 to do a full
verification.
Sorry, but documenting internal algorithms isn't appropriate. We want
to reserve the right to change our hash algorithms and message digests
without breaking existing software. Pkg verify is what you should use
to verify the integrity of files installed by the packaging system. If
you choose not to use that tool, you're on your own.
And that is the problem. If you use anything else it will lead the
user down the path of believing there is a problem when there is
not one. That will result in customer dissatisfaction and calls.
Unless we clearly document this behaviour or fix it.
Customers don't get to build tools on private interfaces and expect
support. As I said before, I'm open to building an interface in our
public API that security software can use to verify our files. However,
if a system has been compromised, even manifest signing can be exploited
since we assume the intruder will have the ability to replace manifests
and the keys we use to verify them.
I'm not sure I understand your point. If a customer uses bart(1) to
build check sums of a system and then uses that on another "identical"
system they will think the systems are different. No need to involve the
pkg system at all. Customers do this and will then call us if they have
systems that are running the same release but the files are different.
You seem to be arguing just for the sake of arguing.
No. I'm trying to point out that the current implementation has
significant support implications. If there is a way to mitigate, that is
in the best interests of everyone.
--
Sent from my OpenSolaris Laptop