
Re: Study: Attacks on package managers



Hi,

obviously that means metadata needs good signatures as packages do,
right? That should be easy to implement. Also metadata should be
versioned and that version should be updated on a regular (e.g. daily)
basis. (I don't know if it already is.) Then one could simply diff the
metadata(-hash) of two or more servers with a trusted base server to
figure out if someone holds back updates.

So that should not be _that_ big a problem at all, right?

Christoph 

Attachment: signature.asc
Description: This is a digitally signed message part
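
The comparison proposed in the message above, sketched as an added example that is not part of the original post or of any package manager's code: each mirror's metadata is checked against a trusted base server's copy by version, hash and age. The "Version" and "Date" field names, the sample metadata, the function names and the one-day limit are assumptions, and signature verification is assumed to have happened before this step.

```python
import hashlib
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=1)  # assumption: metadata is re-issued daily

# Constructed sample metadata; "Version" and "Date" are hypothetical field names.
TRUSTED = b"Version: 42\nDate: 2024-01-02T06:00:00+00:00\nfoo 1.2-3\n"
HELD_BACK = b"Version: 41\nDate: 2024-01-01T06:00:00+00:00\nfoo 1.2-2\n"
ALTERED = b"Version: 42\nDate: 2024-01-02T06:00:00+00:00\nfoo 1.2-2\n"

def parse_header(metadata: bytes) -> dict:
    """Collect 'Key: value' lines; other lines (package entries) are skipped."""
    fields = {}
    for line in metadata.decode("utf-8").splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value
    return fields

def check_mirror(trusted: bytes, mirror: bytes, now: datetime) -> str:
    """Classify one mirror's metadata against the trusted base server's copy.

    Both inputs are assumed to have passed signature verification already;
    a valid signature alone does not show that the file is the newest one.
    """
    t, m = parse_header(trusted), parse_header(mirror)
    if int(m["Version"]) < int(t["Version"]):
        return "stale"            # mirror serves an older, validly signed file
    if int(m["Version"]) > int(t["Version"]):
        return "base-behind"      # the trusted base itself is out of date
    if hashlib.sha256(mirror).digest() != hashlib.sha256(trusted).digest():
        return "mismatch"         # same version number, different content
    if now - datetime.fromisoformat(m["Date"]) > MAX_AGE:
        return "expired"          # everything agrees but nothing is fresh
    return "ok"

def audit(trusted: bytes, mirrors: dict, now: datetime) -> dict:
    """Return {mirror name: verdict} for every mirror that is not 'ok'."""
    verdicts = {name: check_mirror(trusted, data, now) for name, data in mirrors.items()}
    return {name: v for name, v in verdicts.items() if v != "ok"}

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # constructed clock
    mirrors = {"mirror-a": TRUSTED, "mirror-b": HELD_BACK, "mirror-c": ALTERED}
    print(audit(TRUSTED, mirrors, now))
```

The "expired" verdict covers the case the diff alone misses: every server, including the base, returning the same old file.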

