Yup. Just check the SHA1 of the metadata to a version at a trusted location. Or figure out an incremental metadata format (append changes and append new signature), which would make it possible to push an update out every day or even every hour. The client would then refuse metadata with a time stamp that is too old. The possibility of incremental updates makes these 'time stamp updates' cheap in bandwidth.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds