[haiku-development] Re: Design for signed packages

  • From: Julian Harnath <julian.harnath@xxxxxxxxxxxxxx>
  • To: <haiku-development@xxxxxxxxxxxxx>
  • Date: Wed, 26 Mar 2014 22:25:17 +0100

Hey,

I'll just throw in a summary of the various issues discussed in this 
thread and the ones surrounding it. The idea is that the discussion 
shouldn't go to waste; a few things have been agreed on after all. 
For now, let's focus more on what we can agree on than on the 
disagreements.

Correct me if I'm wrong, but I guess there is agreement on the 
following things:

(1) Having a working and well-documented bootstrap process is 
definitely a plus. Aside from security, it makes porting Haiku to new 
platforms easier.

(2) Using MD5 in package hashes is not a good choice anymore (see e.g. 
[0]); a newer algorithm like SHA-2 or SHA-3 is better suited.

(3) Package signing is a good idea so the user can know whether a package 
really originates from a certain source. Whether a leap-of-trust or PKI 
approach is better is still in dispute, though.

(4) Secure boot would require a large amount of work. If someone wants 
to do it, it should definitely be an optional feature.

So far so good...?


[0] http://en.wikipedia.org/wiki/Hash_function_security_summary

--
So long, jua
