FSDB

Geoff Reedy vader21 at imsa.edu
Mon Aug 11 21:02:54 UTC 2003


On Mon, Aug 11, 2003 at 01:42:32PM -0700, Florin Andrei <florin at sgi.com> said
> "Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun
> Microsystems are also involved in the File Signature Database (FSDB)
> effort. The repository will store metadata about individual files
> created by each of the vendors, such as the file's name, a 'born-on'
> date and its digital hash values."
> 
> Any plans to do that with Red Hat as well?

This sounds a lot like what can already be done with a command like rpm -Va.
The rpm database already stores MD5 sums, file sizes, modification
timestamps, file permissions, etc. for every installed package.  Packages
themselves can be GPG signed to guarantee authenticity.  For added security a
copy of the rpm database along with an rpm executable could be stored on some
read only media and the verify happen from there.

Geoff Reedy

-- 
Geoffrey Reedy                                       vader21 at imsa.edu
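
The verification described in the message above, as an added example that is not part of the original post: it runs `rpm -Va` from a trusted rpm binary and database copy, then reduces the output to the entries worth investigating. The mount point `/mnt/trusted`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: read-only media mounted here holds a trusted rpm binary
# and a copy of the rpm database taken while the system was known good.
TRUSTED=${TRUSTED:-/mnt/trusted}

# Verify every installed package using the trusted binary and database copy.
verify_from_trusted_media() {
    "$TRUSTED/bin/rpm" --dbpath "$TRUSTED/var/lib/rpm" -Va
}

# Read `rpm -V` output on stdin and print one "REASON path" line per finding.
# Flag columns are S M 5 D L U G T (newer rpm appends P); "c" marks a config file.
triage_rpm_verify() {
    awk '
    {
        path = substr($0, index($0, "/"))        # keeps paths containing spaces
        attr = ($2 ~ /^[cdglr]$/) ? $2 : ""      # optional file-type marker
    }
    $1 == "missing" { print "MISSING " path; next }
    # A changed digest on a non-config file means the content was replaced.
    $1 ~ /^..5/ && attr != "c" { print "DIGEST " path }
    # Mode, owner or group drift is reported for every file, config included.
    $1 ~ /^.M/ || $1 ~ /^.....U/ || $1 ~ /^......G/ { print "PERMS " path }
    '
}

# Constructed sample of `rpm -Va` output, for trying the filter offline.
sample_output() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
S.5....T   /bin/ls
.M...UG.   /usr/bin/passwd
.......T d /usr/share/doc/foo/README
missing    /usr/sbin/sshd
EOF
}

# Usage: verify_from_trusted_media | triage_rpm_verify
```

Edited config files and timestamp-only changes are dropped as expected noise; a changed digest on a binary, a missing file, or changed mode or ownership is what remains.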




