Security Portal: Vendor Key ManagementFeb 22, 2001, 00:21 (0 Talkback[s])
(Other stories by Kurt Seifried)
"Times sure do change. I remember when Linux was new, a "hacker's" OS. We had to walk 10 miles, uphill, to get install floppies for it. (Actually I was lucky, I only had to copy them - my friend downloaded the Slackware images over a 9600 modem.)"
"Back then security wasn't much of an issue for most Linux users. We used telnet, and we liked it. Software updates either consisted of downloading the source and compiling it, or using extremely simple package management such as Slackware provides (although calling tarballs package management does seem kind). GnuPG didn't exist, and PGP was still only used by a minority (an even smaller minority than today, if you can believe that)."
"Now almost all software distribution includes some form of cryptographic authentication, from RPM's built-in support of PGP/GnuPG, to Microsoft's authenticode, to simply placing signatures in a text file with the software on the distribution site. This is becoming increasingly important as software distribution channels become less and less centralized."