Vulnerability Development mailing list archives
Re: Automatic updates (was: Nokia 7110 Wap Browser Hole)
From: Thierry Mallard <thierry.mallard () IDEALX COM>
Date: Sun, 23 Jul 2000 18:40:36 +0200
On Sun, Jul 23, 2000 at 02:04:59AM +0200, Bluefish wrote:
[...] But honestly I don't think automatic updates must be less secure than simply pointing your browser to windowsupdate.microsoft, or worse, totally unauthenticated updates like red hat's rpm.
I don't know much about security, but I noticed Mandrake (or probably RedHat) rpms are gpg signed : Before having incorporated the public key : [tsm@calvin RPMS]$ rpm --checksig qt-devel-1.44-20mdk.i586.rpm qt-devel-1.44-20mdk.i586.rpm: md5 GPG NOT OK After incorporation : [tsm@calvin RPMS]$ gpg --import RPM-GPG-KEYS gpg: clé 9B4A4024 : clé publique importée gpg: Quantité totale traitée : 1 gpg: importée : 1 [tsm@calvin RPMS]$ rpm --checksig qt-devel-1.44-20mdk.i586.rpm qt-devel-1.44-20mdk.i586.rpm: md5 gpg OK Just my two cents... -- Thierry Mallard | GnuPG key on pgp.ai.mit.edu http://IDEALX.com | key 0xA3D021CB http://thierry.mallard.com |
Attachment:
_bin
Description:
Current thread:
- Automatic updates (was: Nokia 7110 Wap Browser Hole) Bluefish (Jul 23)
- Re: Automatic updates (was: Nokia 7110 Wap Browser Hole) Thierry Mallard (Jul 23)