From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DMARC_NONE,MAILING_LIST_MULTI, NICE_REPLY_A autolearn=unavailable autolearn_force=no version=4.0.0 Received: from mail.ism.nl (latrappe.ism.nl [212.123.210.24]) by chiba.3jane.net (Postfix) with SMTP id 5E4C6AC3AF for ; Thu, 1 Aug 2002 08:40:06 -0500 (CDT) Received: (qmail 13656 invoked by uid 0); 1 Aug 2002 13:40:05 -0000 Received: from unknown (HELO 10.0.0.240) (10.0.0.240) by 0 with SMTP; 1 Aug 2002 13:40:05 -0000 From: Rob Kaper Organization: ISM To: Terje Kvernes Subject: Re: [gentoo-dev] possible trojan in openssh-3.4p1 Date: Thu, 1 Aug 2002 15:39:05 +0200 User-Agent: KMail/1.4.5 References: <20020801103714.A26100@capsi.com> <200208011505.42361.bastiaf@gmx.de> In-Reply-To: Cc: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200208011539.05025.rkaper@ism.nl> Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux developer list List-Unsubscribe: , List-Archive: X-Archives-Salt: 8bf2a832-2e6c-4b49-8e60-96ab284bfa92 X-Archives-Hash: 42ee45a1c203b82f52e46da9cd9aef14 On Thursday 01 August 2002 15:35, Terje Kvernes wrote: > if the checksum differ, which it would have, emerge will abort. > although, emerge logs do sound like a very good idea. =46or optimum security, emerge should check checksums from different locati= ons.=20 One or two trusted servers (often even the same as the one where the files= =20 reside, although that might not be true for gentoo) can be compromised too= =20 easily. Rob