H. Peter Anvin wrote:
> Valdis.Kletnieks@vt.edu wrote:
>
>> On Wed, 29 Jan 2003 01:52:43 PST, "H. Peter Anvin" said:
>>
>>> No, it would add absolutely nothing (other than clutter.) All the
>>> .sign files are good for is to check for rogue mirrors.
>>
>> Or a rogue *primary* site, as has already happened to OpenSSH and
>> Sendmail.
>
> NO!
>
> THE SIGN FILES DO NOT VERIFY AGAINST A COMPROMISED KERNEL.ORG MASTER SITE.

Perhaps for the truly paranoid the signatures should be posted to this
newsgroup and digitally signed by someone trusted.

Chris
-- 
Chris Friesen                    | MailStop: 043/33/F10
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email: cfriesen@nortelnetworks.com
This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:22 EST