[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: FSDB

From: Geoff Reedy <vader21 imsa edu>
To: rhl-devel-list redhat com
Subject: Re: FSDB
Date: Mon, 11 Aug 2003 16:02:54 -0500

On Mon, Aug 11, 2003 at 01:42:32PM -0700, Florin Andrei <florin sgi com> said
> "Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun
> Microsystems are also involved in the File Signature Database (FSDB)
> effort. The repository will store metadata about individual files
> created by each of the vendors, such as the file's name, a ¡born-on¢
> date and its digital hash values."
> 
> Any plans to do that with Red Hat as well?

This sounds a lot like what can already be done with a command like rpm -Va.
The rpm database already stores MD5 sums, file sizes, modification
timestamps, file permissions, etc. for every installed package.  Packages
themselves can be GPG signed to guarantee authenticity.  For added security a
copy of the rpm database along with an rpm executable could be stored on some
read only media and the verify happen from there.

Geoff Reedy

-- 
Geoffrey Reedy                                       vader21 imsa edu

Follow-Ups:
- Re: FSDB
  - From: Florin Andrei

References:
- FSDB
  - From: Florin Andrei

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]