Jorge Timón [ARCHIVE] on Nostr: 📅 Original date posted:2014-01-03 📝 Original message:On 1/3/14, Troy ...
📅 Original date posted:2014-01-03
📝 Original message:On 1/3/14, Troy Benjegerdes <hozer at hozed.org> wrote:
> 'make' should check the hash.
An attacker could replace that part of the makefile.
Anyway, I think this is more oriented for compiled binaries, not for
people downloading the sources. I assume most of that people just use
git.
> The binary should check it's own hash.
I'm afraid this is not possible.
> The operating system should check the hash.
There's package management systems like apt-secure that do exactly this.
📝 Original message:On 1/3/14, Troy Benjegerdes <hozer at hozed.org> wrote:
> 'make' should check the hash.
An attacker could replace that part of the makefile.
Anyway, I think this is more oriented for compiled binaries, not for
people downloading the sources. I assume most of that people just use
git.
> The binary should check it's own hash.
I'm afraid this is not possible.
> The operating system should check the hash.
There's package management systems like apt-secure that do exactly this.