tcpdump mailing list archives

Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster)


From: Michael Richardson <mcr () sandelman ca>
Date: Mon, 01 Apr 2024 14:06:29 -0400


Bill Fenner <fenner () gmail com> wrote:
    > mcr suggested:
    >> I wonder if we should nuke our own make tarball system.

    > The creation of a tarball and its signature gives a place to hang one's hat
    > about origin of code - "someone with the right key claims that this tarball
    > genuinely reflects what the project wants to distribute".  Is there a
    > similar mechanism for a git tag?

Yes, git tag -s lets you sign a commit with a PGP key.
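
An added example, not part of the original message and not tcpdump project code: a check a packager could run before building from a tag created with git tag -s. The function name, return codes, and the repository path, tag name and fingerprint passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example; nothing here is taken from the tcpdump repository.
#
# A maintainer creates the signed tag with, e.g.:
#   git tag -s <tag> -m "<message>"
#
# verify_signed_tag REPO TAG EXPECTED_FPR
#   Prints the commit TAG points at and returns 0 only if TAG is an annotated
#   tag with a valid OpenPGP signature whose primary key fingerprint is
#   EXPECTED_FPR. Return codes 2-5 (hypothetical) name the failed step.
verify_signed_tag() {
    repo=$1 tag=$2 want_fpr=$3

    # A lightweight tag is only a ref to a commit and cannot carry a signature.
    objtype=$(git -C "$repo" cat-file -t "refs/tags/$tag" 2>/dev/null) || {
        echo "no such tag: $tag" >&2; return 2; }
    [ "$objtype" = tag ] || { echo "$tag is not an annotated tag" >&2; return 3; }

    # --raw sends gpg's machine-readable status lines to stderr.
    status=$(git -C "$repo" verify-tag --raw "$tag" 2>&1) || {
        echo "signature check failed for $tag" >&2; return 4; }

    # verify-tag accepts any key gpg trusts as valid, so pin the signer:
    # the last field of the VALIDSIG line is the primary key fingerprint.
    got_fpr=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got_fpr" ] && [ "$got_fpr" = "$want_fpr" ] || {
        echo "tag signed by unexpected key: ${got_fpr:-none}" >&2; return 5; }

    # The commit a build should be made from.
    git -C "$repo" rev-parse "$tag^{commit}"
}
```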


