* [gentoo-dev] Re: [gentoo-security] Verifying portage is from Gentoo
[not found] ` <20030113031328.A1850@netdirect.ca>
@ 2003-01-13 10:24 99% ` Paul de Vrieze
0 siblings, 0 replies; 1+ results
From: Paul de Vrieze @ 2003-01-13 10:24 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 789 bytes --]
On Monday 13 January 2003 09:13, cdfrey@netdirect.ca wrote:
> [snip]
>
> > But there are more easy ways to do this.
>
> Yeah... the idea that this is so easy to do is a little scary. I assume
> even the developers do "emerge rsyncs" over the internet (I could be
> wrong here), so there is a possibility for a trojan to silently work
> it's way through the entire Gentoo world from the developers down.
>
> I'm happy to see my comments weren't just brushed aside. Many thanks!
>
Maybe the easiest way would be that some/all rsync mirrors would offer rsync
over ssl, so that the origin servers could be authenticated. This would also
mean some changes for clients to be able to use it.
Paul
--
Paul de Vrieze
Researcher
Mail: pauldv@cs.kun.nl
Homepage: http://www.cs.kun.nl/~pauldv
[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
[not found] <20030112212303.A22196@netdirect.ca>
[not found] ` <20030113071722.GB1658@Daikan.pandora.be>
[not found] ` <20030113031328.A1850@netdirect.ca>
2003-01-13 10:24 99% ` [gentoo-dev] Re: [gentoo-security] Verifying portage is from Gentoo Paul de Vrieze
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox