[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package management unsafe?

On Sun, Jul 13, 2008 at 02:13:08AM +0200, Franklin PIAT wrote:
If we also consider the fact that the computer local time might be wrong
(hwclock bug + a ntp man-in-the-middle...), re-signing the files doesn't
help either [in this very specific case].

I think that your average user would notice if the time were wrong.
Even if the user isn't in an environment that is time-sensitive (e.g. a
network using Kerberos), most people would wonder what happened if their
computer's time were suddenly several days off.  I think the much more
likely case is that the time is accidentally incorrect, such as when a
new machine is first installed.  That may affect the installation of ntp
itself, perhaps.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: