On Tue, Sep 13, 2005 at 12:15:21PM +0100 or so it is rumoured hereabouts,
Proinnsias Breathnach thought:
>> I'd be leaning towards some flavour of gpg encrypted/signed call-home
> registration method. Registration script to encrypt to your public
> release-key a message which is signed by the users' key. To which the
> server replies with a decrypt-key encrypted to the user-key. The script
> would only store the decrypt-key in memory, avoiding most of the vectors
> for its getting out into the wild.
This method limits unpacking of your tarball to those machines that can
access your server. If your server disappears, they cannot get at the
tarball ever. You'd need to provide the means to get at the tarball on a
standalone machine.
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Hobbiton.cod.ie
12:27:38 up 29 days, 20:19, 2 users, load average: 0.18, 0.11, 0.03
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
