Re: Crypto software that is exportable from the USA

To: debian-devel@lists.debian.org
Subject: Re: Crypto software that *is* exportable from the USA
From: Raul Miller <rdm@test.legislate.com>
Date: Sat, 23 Jan 1999 16:08:29 -0500
Message-id: <[🔎] 19990123160829.E3782@rdm.legislate.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 199901232101.OAA17994@eris.coyotesong.com>; from Bear Giles on Sat, Jan 23, 1999 at 02:01:58PM -0700
References: <[🔎] 19990123123404.F30279@hazel> <[🔎] 199901232101.OAA17994@eris.coyotesong.com>

Bear Giles <bear@coyotesong.com> wrote:
> But you're biting your own tail here.  Where do you get that "good"
> checksum?

Any place which is acceptable to the package maintainer -- perhaps out
of a pgp signed archive.

If the package maintainer can't produce a trustable package, it
doesn't matter how fancy you get.

Bootstrapping is hard -- best you can do for the general case is compare
notes after you've gotten a secure system up.  The one thing you have going
for you is that corrupted packages have to be visible, to someone,
or they're no danger.

-- 
Raul

Reply to:

Follow-Ups:
- Re: Crypto software that *is* exportable from the USA
  - From: Bear Giles <bear@coyotesong.com>

References:
- Re: Crypto software that *is* exportable from the USA
  - From: Raul Miller <rdm@test.legislate.com>
- Re: Crypto software that *is* exportable from the USA
  - From: Bear Giles <bear@coyotesong.com>

Prev by Date: Re: Crypto software that *is* exportable from the USA
Next by Date: Re: Update was Re: Unsatisfied depends in slink main
Previous by thread: Re: Crypto software that *is* exportable from the USA
Next by thread: Re: Crypto software that *is* exportable from the USA
Index(es):
- Date
- Thread

Re: Crypto software that *is* exportable from the USA

Re: Crypto software that is exportable from the USA