On Thu, 2005-02-03 at 08:19 -0500, Jeff Johnson wrote:
> Whether changelogs should be part of an immutable region or not is an open
> question too. It is (and was) certainly possible to define a header immutable
> region without including changelogs content, which would permit truncation or
> other forms of normalization, editing header content while installing.
>
> I chose to put *all* tags into a header immutable region so that I
> would not have to have the discussion about which tags go where.
>
> For example, the content in changelogs, if not hardened by digest and/or
> signature, might be part of a socially engineered exploit to disguise a
> maliciously modified package. It's very hard not to believe what you read.

Well, I didn't propose anything of that sort (i.e. changelog outside of
what is digested/signed) ;-). What I meant was that it is irrelevant
whether you sign/digest an actually existing stream of bytes which
contains the changelog or the result of a function which puts together
this stream from changelog and the remainder of the header.
Nils
--
Nils Philippsen / Red Hat / nphilipp(a)redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
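
Added example, not part of the original messages and not RPM's own code: a sketch of the two points in this exchange, showing that a digest over a stored byte stream equals a digest over the same stream reassembled by a deterministic function, and that a changelog left outside the digested region can be edited without detection. The tag numbers, the length-prefixed encoding and the sample values are assumptions constructed for illustration, not RPM's header format.

```python
import hashlib
import struct

# Constructed toy header. Tag numbers and the encoding are assumptions,
# not RPM's real on-disk header layout.
TAG_NAME, TAG_VERSION, TAG_CHANGELOG = 1000, 1001, 1080

REST = {TAG_NAME: b"example-pkg", TAG_VERSION: b"1.0"}
CHANGELOG = b"* Thu Feb 03 2005 - fix build\n* Wed Feb 02 2005 - initial\n"
EDITED = b"* Thu Feb 03 2005 - fix build\n"  # constructed: truncated changelog


def serialize(tags):
    """Deterministic encoding: tags sorted by number, each length-prefixed."""
    out = bytearray()
    for tag in sorted(tags):
        out += struct.pack(">II", tag, len(tags[tag])) + tags[tag]
    return bytes(out)


def digest_stored(blob):
    """Digest of a byte stream that already exists as-is."""
    return hashlib.sha256(blob).hexdigest()


def digest_assembled(rest, changelog, cover_changelog=True):
    """Digest of the stream rebuilt from the changelog and the other tags.

    With cover_changelog=False the changelog is left out of the digested
    region, which models an immutable region that excludes it.
    """
    tags = dict(rest)
    if cover_changelog:
        tags[TAG_CHANGELOG] = changelog
    return hashlib.sha256(serialize(tags)).hexdigest()


def compare():
    stored = serialize({**REST, TAG_CHANGELOG: CHANGELOG})
    reference = digest_stored(stored)
    excluded_ref = digest_assembled(REST, CHANGELOG, cover_changelog=False)
    return {
        "stored_equals_assembled": reference == digest_assembled(REST, CHANGELOG),
        "edit_detected_when_covered": reference != digest_assembled(REST, EDITED),
        "edit_detected_when_excluded":
            excluded_ref != digest_assembled(REST, EDITED, cover_changelog=False),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The equivalence only holds while the assembling function is deterministic; any variation in tag order or encoding between signer and verifier changes the digest.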