[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages and signatures

On Mon, Jan 22, 2001 at 11:21:58PM -0300, Nicol?s Lichtmaier wrote:
>  The only way somebody could access the key is by compromising the machine,
> and by doing so the attacker could leave a hacked dinstall that would do
> whatever the attacker wants... Where is the flaw in my reasoning?

The impact of a key is larger (good or bad) because it can be verified AFTER
the files LEFT ftp-master. (And all of them leave FTP-MASTER before the
ARRIVE at the user).

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: