On Friday 30 April 2004 15.25, Andreas Kotes wrote: > What do you think? Signed binaries instead of tools like tripwire or > aide et all? Solutions like tripwire and aide, or the forthcoming (when???) solution of signing binary packages (together with the package containing md5sums of all non-modifiable files) have the advantage of also covering data files. In other words: why put in an infrastructure covering executables only when you need a solution to verify data files anyway (I think corrupted data files may be equally bad as corrupted program files, as the contents of a data file may influence the behaviour of a program greatly. Think embedded scheme/perl/... snippets etc. etc.) cheers -- vbi -- Confissoes podem fazer bem A alma, mas sao pessimas para a reputacao. -- Thomas Dewar
Attachment:
pgp5m49aSnQqJ.pgp
Description: signature