| 1 |
On Dienstag 06 April 2010, Butterworth, John W. wrote: |
| 2 |
> Hi. I have a security-related question for Portage/rsync: |
| 3 |
> |
| 4 |
> |
| 5 |
> |
| 6 |
> If someone makes a change to a copy of a program (say a backdoor added to |
| 7 |
> apache) hosted on a public mirror, will the sync'ing between the public |
| 8 |
> mirror and the main rotation mirror determine that it's corrupted (via |
| 9 |
> 'bad' checksum) on the public-mirror side and replace it? |
| 10 |
> |
| 11 |
> |
| 12 |
> |
| 13 |
> Thank you in advance, |
| 14 |
> |
| 15 |
> -john |
| 16 |
|
| 17 |
what mirror? If he changes the apache tarball on one of the distfile mirrors or |
| 18 |
the apache mirrors that one will be caught by the ckecksum check. |
| 19 |
|
| 20 |
If he changes the ebuild - well... |
Archives