On Wed, 16 Mar 2005, Tom Lord wrote:

> It makes more sense to beef up security in a multi-modal fashion.
>
> For example, arch's security model already presumes that client
> machines are secure. Therefore, the use of md5 in core arch is
> ultimately just a redundant (except on NFS :-) layer of verification
> of the transports and storage layers. Little would be gained by
> strengthening the hash function given the kinds of disasters it
> properly protects against.

I was under the impression that patch signing was created mainly for making trusted archive mirrors on untrusted hosts possible. As Ivan already pointed out, MD5 seems to be the weakest point in Arch patch signing, hence my fears spread over this list.

Or does the Arch security model also assume continual verification/comparison of original trusted archives with all its mirrors on untrusted hosts or some other kind of verification? If so, this is just news for me and I should rework part of my infrastructure for our projects!

Thanks,
Karel
--
Karel Gardas [EMAIL PROTECTED]
ObjectSecurity Ltd. http://www.objectsecurity.com
