Re: Availability of a Signed Version of postgresql.jar

Kris Jurka wrote:
> This makes sense, but isn't exactly an item that anyone else has been
> begging for.  Does it matter which developer signs it?  Does it need
> to be the same one every time?  If yes, then we don't have that
> infrastructure available at the moment and I don't see how to build
> it given the looseness of our organization.  If no, then why not just
> sign it yourself. I guess I just fail to see the point of self
> signing.

One use of code-signing is to prevent the distribution of "fake" versions of
code.  *IF* the person using the code properly and conscientiously verifies
the signature on the code, then they can be sure that the signer signed the
exact copy they've received.  This protects against an attack whereby a web or
ftp server is compromised and people download versions of the driver with
trojan horses embedded... or even just where a trojan horse is distributed by
"back" channels aside from the web site.

For this purpose, any relatively trusted person who contributes to PostgreSQL
could grab the code, audit it for trojan horses, and then sign it.  The signed
version would prevent replacing the driver with an obvious trojan horse.
Nevertheless, since the code isn't really developed in a controlled "private"
environment to begin with, the signature would only mean that there aren't
obvious flaws.  In essense, it's no harder to postulate that someone
compromises the CVS server as that someone compromises a web or ftp server, so
some of the point is lost.

--
www.designacourse.com
The Easiest Way to Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation