FSDB
Geoff Reedy
vader21 at imsa.edu
Mon Aug 11 21:02:54 UTC 2003
On Mon, Aug 11, 2003 at 01:42:32PM -0700, Florin Andrei <florin at sgi.com> said
> "Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun
> Microsystems are also involved in the File Signature Database (FSDB)
> effort. The repository will store metadata about individual files
> created by each of the vendors, such as the file's name, a ¡born-on¢
> date and its digital hash values."
>
> Any plans to do that with Red Hat as well?
This sounds a lot like what can already be done with a command like rpm -Va.
The rpm database already stores MD5 sums, file sizes, modification
timestamps, file permissions, etc. for every installed package. Packages
themselves can be GPG signed to guarantee authenticity. For added security a
copy of the rpm database along with an rpm executable could be stored on some
read only media and the verify happen from there.
Geoff Reedy
--
Geoffrey Reedy vader21 at imsa.edu
More information about the fedora-devel-list
mailing list