FSDB

Florin Andrei florin at sgi.com
Mon Aug 11 21:14:11 UTC 2003


On Mon, 2003-08-11 at 14:02, Geoff Reedy wrote:
> On Mon, Aug 11, 2003 at 01:42:32PM -0700, Florin Andrei <florin at sgi.com> said
> > "Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun
> > Microsystems are also involved in the File Signature Database (FSDB)
> > effort. The repository will store metadata about individual files
> > created by each of the vendors, such as the file's name, a ¡born-on¢
> > date and its digital hash values."
> > 
> > Any plans to do that with Red Hat as well?
> 
> This sounds a lot like what can already be done with a command like rpm -Va.

Yes and no.

Yes, it's the same idea.

No, because with FSDB the signatures will be stored somewhere else, on a
trusted site, not on the system itself (not even on the owner's
network). Hence, even if your entire network gets compromised (unlikely,
but still...) you still have a trusted signature database to compare
with.

-- 
Florin Andrei

"Never send a human to do a machine's job." - Agent Smith





More information about the devel mailing list