radical suggestion for fc4 release

Nils Philippsen nphilipp at redhat.com
Thu Feb 3 17:16:00 UTC 2005

On Thu, 2005-02-03 at 08:19 -0500, Jeff Johnson wrote:

> Whether changelogs should be part of an immutable region or not is an open
> question too. It is (and was) certainly possible to define a header 
> immutable region
> without including changelogs content, which would permit truncation or other
> forms of normalization, editing header content while installing.
> I chose to put *all* tags into a header immutable region so that I
> would not have to have the discussion about which tags go where.
> For example, the content in changelogs, if not hardened by digest and/or 
> signature,
> might be part of a socially engineered exploit to disguise a maliciously 
> modified
> package. It's very hard not believe what you read.

Well, I didn't propose anything of that sort (i.e. changelog outside of
what is digested/signed) ;-). What I meant was that it is irrelevant
whether you sign/digest an actually existing stream of bytes which
contains the changelog or the result of a function which puts together
this stream from changelog and the remainder of the header.

     Nils Philippsen    /    Red Hat    /    nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

More information about the fedora-devel-list mailing list