
Re: Packages and signatures



* Matt Zimmerman 

| On Sun, Jan 28, 2001 at 09:59:14PM +0100, Tollef Fog Heen wrote:
| 
| > * Matt Zimmerman 
| > 
| > | A CD vendor presses a CD using the contents of the archive at time X, and the
| > | archive is compromised at X+k.  The CD vendor does not need to worry about his
| > | CD contents.
| > 
| > You do not always know when a compromise takes place - you just find
| > out that somebody has rooted you.  In which case one cannot know for
| > sure which packages are ok and which aren't.
| 
| Are you saying that if a compromise were discovered tomorrow, new potato CDs
| would have to be made?

If one cannot find the date of compromise, yes.  New potato CDs from
scratch.  Of course, if one can find the date (and be sure about it)
then one just has to go back to a 'last known good' state.  Which
might (or might not) be a huge job.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


