l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Dec 31 09:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: trusting downloaded code (was: [vox-tech] Installing Java)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: trusting downloaded code (was: [vox-tech] Installing Java)

Quoting Richard Harke (rharke@earthlink.net):

> For some packages I have downloaded, the signers key is retrieved from
> a different site. I also then check against a key server. This is not
> foolproof but it does make the bad guys job harder. Another factor is
> time. If I use the same sites over again, I may be able to check
> against a key I got some time ago. Presumably, if it would have been
> compromised, it would have been canceled and a new key generated.

Yes, these are both good rules of thumb.  

I don't think that best practices[1] on this subject have been written
about, much.  It might make a good article.

[1] And I don't mean
http://linuxmafia.com/~rick/lexicon.html#best-practices .  ;->

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.