[arch-general] Arch Linux security is still poor....
Aaron Griffin
aaronmgriffin at gmail.com
Tue Mar 16 18:30:53 CET 2010
On Tue, Mar 16, 2010 at 12:18 PM, Jared Casper <jaredcasper at gmail.com> wrote:
> On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>> On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan <lists at itech7.com> wrote:
>>> I don't think we need any security team for Arch. New packages are
>>> released within a week of their updates. GPG signing and md5sum
>>> verification is a must though.
>>
>> md5sum verification has ALWAYS been done
>>
>
> In a security context, verification of files installed by a package
> _after installation_ would be nice. i.e. "pacman --verify
> /usr/sbin/sshd" would tell me if the md5sum (or sha1sum, etc) of my
> /usr/sbin/sshd matches that of the official package.
Is this a feature request in the bug tracker? Please add it if you
want this functionality. That's the only way it will ever happen
More information about the arch-general
mailing list