On Fri, Jan 01, 1999 at 04:07:06PM -0500, Peter C. Norton wrote:
> On Fri, Jan 01, 1999 at 03:41:04PM -0500, Sam wrote:
>
> > No, that's your answer right there. This proposed feature is not going to
> > benefit anything else except Qmail. You do not stick features into system
> > management tools unless there's a clear benefit that will profit at least
> > a good fraction of the system that you are administering.
>
> If djb was interested in defining a way to verify his binaries to the
> extent that he felt it was safe and secure, then I don't see why that
> couldn't be added in. It might take some effort (having not looked
> through the rpm verification code, I don't know if it can define a
> program to exec in the database to do verification... this could be a
> nasty design problem). However, let's keep in mind that when this
> strategy was suggested by sdb, no-one stepped up to solidify the
> proposal, and djb has not made a peep about how he feels about this.

No, that's a great idea. Have rpm spawn an external -_possibly_tampered_with_-
binary to verify qmail. Then having a control file with the uids in it sounds
safer to me.

> > > I'm not saying that. I'm saying that if the binary file editor will
> > > break rpm --verify, then why not fork an extension of rpm which will
> > > fix that? It's open source. It's allowed. That's the whole argument
> > > behind open source.
> >
> > Well, go ahead and do it. But unless you get Red Hat to accept your
> > additions, it will be a wasted effort.
>
> Personally I don't like the idea because I haven't been presented with
> a method of verification that is any more secure than placing necessary
> uid info in a file. So why go through the extra effort of forking
> rpm, a package that is *very* widely deployed and supported (far more
> widely than qmail - at least 100x more, maybe upwards of 1000x more),
> and the only person who is causing any beef with it is djb?

Greetz, Peter.
--
<squeezer> AND I AM GONNA KILL MIKE | Peter van Dijk
<squeezer> hardbeat, if you're still sober: | [EMAIL PROTECTED]
<squeezer> @date = localtime(time); | realtime security d00d
<squeezer> $date[5] += 2000 if ($date[5] < 37); |
<squeezer> $date[5] += 1900 if ($date[5] < 99); | -x- I love Rhona -x-