[ciphershed] Re: Checked commit a03e565835e3ff66774a2a50946dc2290bcbc7d4

  • From: Bill Cox <waywardgeek@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Mon, 23 Jun 2014 10:04:13 -0400


On 6/23/2014 9:46 AM, Stephen R Guglielmo wrote:
>> We now have Windows .exe files signed into the git repo.  We
>> should use them to verify newer versions of these exe files
>> rather than assuming they are golden and error-free.  If these
>> executables are hacked, it could be a disaster.  If they are out
>> of date and have unpatched buffer overflow bugs, they could be
>> exploited.  However, I think it is a good idea to have these
>> executables in git.  When we do releases, I think we should use
>> the latest versions of these executables from our favorite
>> sources (preferably sources that are not disclosed), and verify
>> that we get the same result as using the signed in versions.
> 
> Hm? I don't think there's any .exe files committed to git right
> now?

The GnuWin32 directory has dd.exe and gzip.exe.  The nasm-2.08
directory has nasm.exe.  All three were added in your commit
b5adb3ed5787eeb767e51200a857f5e104bb2983.  If I wanted to sneak in a
back-door this early in the project, hacking these files would be high
on my list!  However, it is more likely that we will run into hacked
executables going forward, so comparing results to the old executables
may make sense.

Bill



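The two checks Bill describes (pin the committed binaries so tampering is noticed, and accept a freshly downloaded tool only if it behaves identically to the committed one) as an added example, not code from the CipherShed repository; the manifest digests are placeholders to be filled in from the reviewed files, and the repo-relative paths are assumed from the thread.

```python
import hashlib
import os
import subprocess

# Repo-relative paths of the executables named in the thread. The digests are
# placeholders (assumed): record the real SHA-256 of each file when it is
# reviewed and committed, and treat any later change as a red flag.
PINNED_TOOLS = {
    "GnuWin32/dd.exe": "<sha256 of reviewed dd.exe>",
    "GnuWin32/gzip.exe": "<sha256 of reviewed gzip.exe>",
    "nasm-2.08/nasm.exe": "<sha256 of reviewed nasm.exe>",
}


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_manifest(root, manifest):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for every pinned tool under root."""
    report = {}
    for rel_path, expected in manifest.items():
        full = os.path.join(root, rel_path)
        if not os.path.isfile(full):
            report[rel_path] = "missing"
        elif sha256_file(full) == expected:
            report[rel_path] = "ok"
        else:
            report[rel_path] = "mismatch"
    return report


def outputs_agree(cmd_a, cmd_b, stdin_bytes, timeout=60):
    """Run two tool invocations on identical input and report whether they agree.

    A freshly obtained binary is trusted only if it returns the same exit status
    and the same output bytes as the committed one on the same input.
    """
    def run(cmd):
        proc = subprocess.run(cmd, input=stdin_bytes, capture_output=True, timeout=timeout)
        return proc.returncode, proc.stdout
    return run(cmd_a) == run(cmd_b)
```

For gzip, compare with `-n` so the embedded timestamp and file name do not make otherwise identical builds look different.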