22 Dec
2004
22 Dec
'04
1:43 p.m.
From: Richard Peters [mailto:r.a.peters@student.tue.nl]
Another argument that I thought of this morning: suppose we do not publish a self-extracting executable. What is going to stop an attacker from not uploading his own self-extracting look-alike? If he can change existing archives, he probably can add other archives as well.
right, but if some boost authority certifies its released packages, everybody is free to ignore such look-alikes. Isn't that the whole point of certification ? Regards, Stefan