
Re: Making sure a program gets to the receiver intact



On Tue, 27 Dec 1994, Matt Blaze wrote:

> including tamper-evident seals on their packages, but until consumers
> learned to expect the seals, all the bad guys had to do was remove
> the seal entirely before replacing the tainted packages.  In the short
> term, given today's infrastructure, there's not a lot you can do.
> 
> Of course, in the medium- and long-term, the best solution is to
> design good schemes and deploy them widely enough that people learn
> to expect them.
> 
One solution, or start of a solution, is to tell the user about the 
signature checks, and how to go about verifying them in the README text 
file, that most users come to expect in a package of software.  Or 
perhaps add into the tar and zipped package a file called SIGNATURECHECK 
or something suitably obvious, as well as explaining it.  I believe most 
users expect the README file enough to look in it, at least skimming it.

i want to know everything          http://www.mcs.com/~nesta/home.html
i want to be everywhere                     Nesta's Home Page        
i want to fuck everyone in the world               &
i want to do something that matters         /-/ a s t e zine