From: Karel Gardas <[EMAIL PROTECTED]>

> I was under the impression that patch signing was created mainly for making trusted archive mirrors on untrusted hosts possible.

In some sense it was, certainly. From one perspective, the mirroring process is just an arch transport layer even though its implementation recursively invokes higher levels of arch. Regarded as an application layer, arch adds some redundant checks on the transport and storage layers, and affords some pretty generic hooks for signing of archive transactions. That's a good place to stop. (CVS lacks such redundant checks and so notoriously fails on NFS and historically was attacked in the Linux kernel project.) Further security enhancements beyond those checks are apt to be, at this point in history, "situation specific". Add additional checksums or fancier signing all you like: but it would take very rigorous work to persuade me that the arch core should take on much of that burden.

-t

_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
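The mechanism the thread is arguing about, as an added example that is not part of the original message and not GNU arch's own code: an archive transaction is a set of payload files plus a checksum manifest, the manifest carries a detached signature made with the archive owner's key, and the client re-verifies both when it fetches from a mirror. The example assumes Ed25519 as a stand-in for the GnuPG detached signature arch actually uses, SHA-256 for the manifest, and a constructed two-file payload; the revision layout, the function names and the tampering scenarios are illustrative, not arch's on-disk format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Revision is one archive transaction as a mirror would store it: the payload
// files, a checksum manifest over them, and a detached signature over the
// manifest. Only the archive owner holds the signing key; the mirror never does.
type Revision struct {
	Files     map[string][]byte
	Manifest  []byte
	Signature []byte
}

// buildManifest emits one "sha256  name" line per file, sorted by name, so the
// manifest is a canonical byte string and the signature is stable.
func buildManifest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return []byte(b.String())
}

// Commit is the archive owner's side: hash the payload and sign the manifest.
func Commit(priv ed25519.PrivateKey, files map[string][]byte) Revision {
	m := buildManifest(files)
	return Revision{Files: files, Manifest: m, Signature: ed25519.Sign(priv, m)}
}

// Verify is the client's side when pulling from an untrusted mirror: check the
// signature over the manifest, then every file against the manifest, then that
// the mirror neither dropped nor added files.
func Verify(pub ed25519.PublicKey, rev Revision) error {
	if !ed25519.Verify(pub, rev.Manifest, rev.Signature) {
		return fmt.Errorf("manifest signature does not verify")
	}
	listed := 0
	for _, line := range strings.Split(strings.TrimSpace(string(rev.Manifest)), "\n") {
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		data, ok := rev.Files[parts[1]]
		if !ok {
			return fmt.Errorf("file %s listed in manifest is missing", parts[1])
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != parts[0] {
			return fmt.Errorf("checksum mismatch for %s", parts[1])
		}
		listed++
	}
	if listed != len(rev.Files) {
		return fmt.Errorf("mirror serves %d files, manifest lists %d", len(rev.Files), listed)
	}
	return nil
}

// copyRevision gives each simulated mirror its own mutable copy.
func copyRevision(r Revision) Revision {
	files := make(map[string][]byte, len(r.Files))
	for n, d := range r.Files {
		files[n] = append([]byte(nil), d...)
	}
	return Revision{Files: files, Manifest: append([]byte(nil), r.Manifest...),
		Signature: append([]byte(nil), r.Signature...)}
}

// MirrorScenarios plays an honest mirror and three tampering mirrors and reports,
// per scenario, whether the client accepted the revision.
func MirrorScenarios() map[string]bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, mirrorPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the mirror made up
	files := map[string][]byte{ // constructed sample payload
		"patch-1.tar.gz": []byte("--- a/main.c\n+++ b/main.c\n+safe_call();\n"),
		"log":            []byte("Summary: fix input handling\n"),
	}
	rev := Commit(priv, files)
	edited := copyRevision(rev) // payload swapped, manifest left alone
	edited.Files["patch-1.tar.gz"] = []byte("--- a/main.c\n+++ b/main.c\n+system(\"id\");\n")
	resigned := copyRevision(edited) // manifest rebuilt and re-signed with the wrong key
	resigned.Manifest = buildManifest(resigned.Files)
	resigned.Signature = ed25519.Sign(mirrorPriv, resigned.Manifest)
	extra := copyRevision(rev) // file injected beside an intact manifest
	extra.Files["patch-1.5.tar.gz"] = []byte("injected")
	scenarios := map[string]Revision{
		"honest mirror": copyRevision(rev), "payload edited": edited,
		"re-signed with mirror key": resigned, "extra file added": extra,
	}
	out := make(map[string]bool, len(scenarios))
	for name, r := range scenarios {
		out[name] = Verify(pub, r) == nil
	}
	return out
}

func main() {
	for name, ok := range MirrorScenarios() {
		fmt.Printf("%-28s accepted=%v\n", name, ok)
	}
}
```

The "re-signed with mirror key" case is the one that the checksums alone would not catch: a mirror that can rewrite the manifest can make the hashes agree, so the client's decision has to rest on the public key it trusts, not on anything fetched from the mirror.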
