[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AutoRPM

To: independence-l@independence.seul.org
Subject: Re: AutoRPM
From: Roger Dingledine <arma@mit.edu>
Date: Tue, 7 Mar 2000 19:15:42 -0500
Delivery-Date: Tue, 07 Mar 2000 19:16:00 -0500
In-Reply-To: <Pine.LNX.4.10.10003072341390.8739-100000@pingu.cognite.net>; from cog@seul.org on Tue, Mar 07, 2000 at 11:52:42PM +0000
References: <Pine.LNX.4.10.10003072341390.8739-100000@pingu.cognite.net>
Reply-To: independence-l@independence.seul.org
Sender: owner-independence-l@independence.seul.org

On Tue, Mar 07, 2000 at 11:52:42PM +0000, David Webster wrote:
> Obviously I'd have to build some sort of package authentication, so
> someone doesn't spoof the machine address and install malicious packages
> on the users computer, but that shouldn't be too hard if I get the program
> to search for the Indy PGP key, rather than the RedHat one.

There was a long discussion of authentication for automatic updating
systems, on the bastille-linux list a month or so back. There were a
very large number of tricky issues that cropped up. (I imagine they
have archives somewhere...)

> Any ideas/comments?

Please transition your security rpm's from cran over to belegost, since
cran doesn't have much space and belegost has lots.
You have a 'cog' account on belegost, I believe. Let me know if things
aren't working.

Thanks,
--Roger

Follow-Ups:
- Re: AutoRPM
  - From: David Webster <cog@seul.org>
- Re: AutoRPM
  - From: JF Martinez <jfm2@club-internet.fr>

References:
- AutoRPM
  - From: David Webster <cog@seul.org>

Prev by Date: Re: Tips
Next by Date: Re: Tips
Prev by thread: AutoRPM
Next by thread: Re: AutoRPM
Index(es):
- Date
- Thread