NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkgsrc binary packages security with pkgin
Jan Danielsson <jan.m.danielsson%gmail.com@localhost> writes:
> - If you don't know if:
> o the server storage can be trusted
> o you can fully trust the link
> o you can trust your local storage up until the point at which you
> install the package
> .. then you need the binary package to be signed.
If you can't trust your local storage, you have no basis for getting
anything at all right. Your local storage is where the public keys are
stored that you use to validate, where you store files in installed
packages, and where you store /usr//bin/login. Seriously - if you can't
trust your local computer, it's all over.
Home |
Main Index |
Thread Index |
Old Index