1 |
On Dienstag 06 April 2010, Butterworth, John W. wrote: |
2 |
> Hi. I have a security-related question for Portage/rsync: |
3 |
> |
4 |
> |
5 |
> |
6 |
> If someone makes a change to a copy of a program (say a backdoor added to |
7 |
> apache) hosted on a public mirror, will the sync'ing between the public |
8 |
> mirror and the main rotation mirror determine that it's corrupted (via |
9 |
> 'bad' checksum) on the public-mirror side and replace it? |
10 |
> |
11 |
> |
12 |
> |
13 |
> Thank you in advance, |
14 |
> |
15 |
> -john |
16 |
|
17 |
what mirror? If he changes the apache tarball on one of the distfile mirrors or |
18 |
the apache mirrors that one will be caught by the ckecksum check. |
19 |
|
20 |
If he changes the ebuild - well... |