From: Johannes Findeisen
Organization: http://hanez.org
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] possible trojan in openssh-3.4p1
Date: Fri, 2 Aug 2002 09:36:40 +0200

On Thursday 01 August 2002 15:39, Rob Kaper wrote:
> On Thursday 01 August 2002 15:35, Terje Kvernes wrote:
> > if the checksum differs, which it would have, emerge will abort.
> > although, emerge logs do sound like a very good idea.
>
> For optimum security, emerge should check checksums from different
> locations. One or two trusted servers (often even the same as the one where
> the files reside, although that might not be true for gentoo) can be
> compromised too easily.

if this should be an option in portage, we always need to download two files
from two servers to check if the md5sums are the same... :-(

IMO it is good as it is. the gentoo-core team are providing a md5sum in the
portage tree and that should be enough.

regards
hanez... ;-)

-- 
begin .signature
question: is it a feature to execute code in emails?
	i don't think so!
end
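
Added example, not part of the original message and not Portage code: a sketch of the cross-check discussed in this thread, where a downloaded file is accepted only if independently published digests all match it. The source names (`portage-tree`, `download-server`, `second-mirror`), the `quorum` parameter and the sample byte strings are assumptions made for illustration; the thread's md5sum corresponds to `algorithm="md5"`, while the parameter defaults to SHA-256 here.

```python
import hashlib
import hmac
from typing import Dict, List, NamedTuple


class Verdict(NamedTuple):
    accepted: bool
    agreeing: List[str]    # sources whose published digest matches the file
    dissenting: List[str]  # sources whose published digest does not


def digest_of(data: bytes, algorithm: str = "sha256") -> str:
    return hashlib.new(algorithm, data).hexdigest()


def cross_check(data: bytes, published: Dict[str, str],
                quorum: int = 2, algorithm: str = "sha256") -> Verdict:
    """Accept only if at least `quorum` sources match the file and none dissent."""
    actual = digest_of(data, algorithm)
    agreeing, dissenting = [], []
    for source, hexdigest in sorted(published.items()):
        claimed = hexdigest.strip().lower()
        if hmac.compare_digest(claimed, actual):
            agreeing.append(source)
        else:
            dissenting.append(source)
    accepted = len(agreeing) >= quorum and not dissenting
    return Verdict(accepted, agreeing, dissenting)


# Constructed sample data: byte strings standing in for a release tarball.
GENUINE = b"constructed stand-in for the genuine source tarball\n"
TAMPERED = GENUINE + b"# constructed extra build step\n"


def demo() -> Dict[str, Verdict]:
    tree = {"portage-tree": digest_of(GENUINE)}  # digest recorded before the swap
    # Hypothetical compromised server: serves TAMPERED plus a digest matching it.
    bad_server = {"download-server": digest_of(TAMPERED)}
    return {
        "server_only": cross_check(TAMPERED, bad_server, quorum=1),
        "tree_and_server": cross_check(TAMPERED, {**tree, **bad_server}),
        "genuine": cross_check(GENUINE, {**tree, "second-mirror": digest_of(GENUINE)}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Only the digests have to come from separate locations; the file itself is fetched once and hashed locally.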