
For those who don't know, Gentoo is a distro of Linux which uses a portage system where you build all of the programs you intend to use. It has nice security as well as configuration benefits [e.g. you build your own system with nothing more than you need].

http://lists.netsys.com/pipermail/full-disclosure/2003-December/014440.html

Makes me ask the question, why didn't they just sign the "emerge" files? In the grand scheme of things during a bootstrap build [of which I have done six myself] you spend 99.9999% of the time building. An additional 1 second per package would be trivial and would prevent such attacks from being practical [provided the developers don't put their private keys on public networks...].

Then this makes me ask the question. Clearly this is a problem that crypto could help solve easily. Why don't schools teach a simple class on the tools crypto provides as part of a standard CS program? E.g. rip out one of the redundant "this is a language" classes and move in a crypto class [nothing deep, just enough to teach people what a hash is, what it gives you, what a digital signature is, etc...]. Seems like even if you just want to be a SW developer some crypto would be a good idea...

[/rant]

Tom