From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id B65261381F3 for ; Mon, 9 Sep 2013 17:36:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A11B8E0B87; Mon, 9 Sep 2013 17:36:18 +0000 (UTC) Received: from mail-bk0-f53.google.com (mail-bk0-f53.google.com [209.85.214.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 65F10E0B4F for ; Mon, 9 Sep 2013 17:36:17 +0000 (UTC) Received: by mail-bk0-f53.google.com with SMTP id d7so2411303bkh.26 for ; Mon, 09 Sep 2013 10:36:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:user-agent:in-reply-to:references :mime-version:content-type; bh=Cs0FGMzWtdArgL25alcZ6vrFRPega2r7h8s2EiEdojE=; b=w/NMvBOXodYZOlgE4ugfDLnQ0hPF/HW3WUuCwo0kH0uIaVPB45XzTX9YRAX0oQcF81 wETJzNEObB1F/Mg0/9wIQGCsdd2R0n6XuAyefDF2r71+9MgqrMBJ1RyOXC2vxrLdMupz 5rY+HM22VGyrTez/ZSV2biM/kUe4e7RRxfduXwcWwQkh/eAj+7L1t2hRyyw/eZ8bXxY9 6xPM1ok+uNRyF9lLDAbFFUReCG924hj4HENYhFhZ10r5mkFqLWPuM6ac/R1xyGVqoJzX TRSCr1lsccN85GrscF4SxcBXC92u7dmrXDVIZch9vpS1DArZJKvuK1Xir0bhpDmrfkYt MDoQ== X-Received: by 10.204.168.197 with SMTP id v5mr6557487bky.24.1378748175920; Mon, 09 Sep 2013 10:36:15 -0700 (PDT) Received: from melforce.localnet (melforce.xtsubasa.org. [2a02:578:5002:8062::2]) by mx.google.com with ESMTPSA id jt14sm3727810bkb.0.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 09 Sep 2013 10:36:15 -0700 (PDT) From: Pavel Volkov To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Internet security. Date: Mon, 09 Sep 2013 21:36:01 +0400 Message-ID: <7746439.y0vQmxOMge@melforce> User-Agent: KMail/4.11.1 (Linux/3.10.9-gentoomelf; KDE/4.11.1; x86_64; ; ) In-Reply-To: <522DD479.80001@orlitzky.com> References: <522D257C.5060902@gmail.com> <522DD479.80001@orlitzky.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart39393467.i9EpL0fSnZ"; micalg="pgp-sha1"; protocol="application/pgp-signature" X-Archives-Salt: 28fc8944-a5cf-426b-9207-a6dade5d4d80 X-Archives-Hash: f84d425a8360d410e6c5b1d4448706ec --nextPart39393467.i9EpL0fSnZ Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: > No. There's a GLEP for some of these issues: > > https://www.gentoo.org/proj/en/glep/glep-0057.html > > The relevant part is, > > ...any non-Gentoo controlled rsync mirror can modify executable code; > as much of this code is per default run as root a malicious mirror > could compromise hundreds of systems per day - if cloaked well > enough, such an attack could run for weeks before being noticed. I noticed there's another GLEP which eliminates the mirror problem: http://www.gentoo.org/proj/en/glep/glep-0058.html It's marked as accepted. I hope they'll implement it in reasonable time. --nextPart39393467.i9EpL0fSnZ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (GNU/Linux) iQIcBAABAgAGBQJSLgcOAAoJEOj4705IdACTIlIQAI2Uz1oX6GsNSwiasL667RSu J+B7BRRu1hIWHG2inW7h0jvjmwyBeePNLL2fkkXIWQKSLnUT16b+xTHVBwCEYdRF OxknhTi2nkLwBsAjOb7R8JEmFmb0GpFFZNzPdd5s2Qzr+l8FlVFysyxiIY7p2gg3 cKF2MPrT+PIxGJ+I/TPeTf84AqwuwsEQsJWSrdLm1iHbVVz/KELK6R4PQoNAR84B wLf+9qPvIqotzSfv/biLgHFzvZOAe36+2iewTYXVpUv8vCGSmJvPLOF3hF3nJ5wP CWflGQ9NM7mpkzL/JolcjQI9c6t7nbQrtfdgidRJ+cuYEDiUZEL4Qe0aLR2e2kGR jOLA6gDnMTjN7yst1bs1yu4F44qk3VsBFuem3oyIFmu+TJ6GQyVbpeLILW69nlEw kQ1BKJJOlj5Qy73KXhQPMdgbyTnEKMJfpPtXnhPC3IEfjuretzqWDR/rH/YxXe8M bWmnxUkzdOjTsy1oU3p40fa1GFWhO4iMCuG3Tfs1tbCti/pYWeB0co5sCZbaggSp oNJqD+YGs4/ms+AlIFnQEKESvrEa/Ms0UKvC00QU4oohkqfBFA9jvnU6L2arkSL2 FdgPjrsCVdgAh9LKZ+jmO1DZTPKiQaQ0CcER7jrrV+KvUK3SXnlUtor8mhkWInPN RFxKezALeWlZ/hrlf80v =5QjZ -----END PGP SIGNATURE----- --nextPart39393467.i9EpL0fSnZ--