[Info-vax] How do I make zip, unzip etc. available to all users?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Jan 11 17:02:57 EST 2016
On 2016-01-11 18:56:47 +0000, RobertsonEricW said:
> On Monday, January 11, 2016 at 11:40:17 AM UTC-5, Stephen Hoffman wrote:
>>
>> If you're willing to trust a third-party to sign the kits (and install
>> an enablement kit), this can be dealt with.
>>
>> Irrespective of the signing authority, running test installs doesn't
>> tell you if there's a vulnerability or a backdoor somewhere in the
>> package, though.
>
> Nope. But that was never the responsibility of Secure Delivery. Secure
> delivery promises only identification of the producer and fidelity of
> transmission from the producer's point of origination to point of
> consumption. The current state of computing relies on software and
> network scanners which look for known patterns of code and/or code
> execution and network communication patterns to alert to the
> possibility of vulnerabilities and penetration therefrom (not that such
> reactionary results are particulary comforting from a security
> perspective; but that is a whole other discussion)
SD is not the current state of computing. It's probably ten years
back. Which means SD is targeting older issues. It's also
ill-documented at best, and open to various attacks, and once you've
installed one unsigned kit or loaded one untracked distro kit, it's
rather less valuable. There are vanishingly few sites that
exclusively have software from signed kits installed, after all.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list