Re: Crypto software that *is* exportable from the USA
Bear Giles <bear@coyotesong.com> wrote:
> But you're biting your own tail here. Where do you get that "good"
> checksum?
Any place which is acceptable to the package maintainer -- perhaps out
of a pgp signed archive.
If the package maintainer can't produce a trustable package, it
doesn't matter how fancy you get.
Bootstrapping is hard -- best you can do for the general case is compare
notes after you've gotten a secure system up. The one thing you have going
for you is that corrupted packages have to be visible, to someone,
or they're no danger.
--
Raul
Reply to: