Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Volker Armin Hemmann <volkerarmin@...>
Subject: Re: portage/rsync question
Date: Tue, 6 Apr 2010 22:20:44 +0200
On Dienstag 06 April 2010, Butterworth, John W. wrote:
> Hi.  I have a security-related question for Portage/rsync:
> 
> 
> 
> If someone makes a change to a copy of a program (say a backdoor added to
> apache) hosted on a public mirror, will the sync'ing between the public
> mirror and the main rotation mirror determine that it's corrupted (via
> 'bad' checksum) on the public-mirror side and replace it?
> 
> 
> 
> Thank you in advance,
> 
> -john

what mirror? If he changes the apache tarball on one of the distfile mirrors or 
the apache mirrors that one will be caught by the ckecksum check.

If he changes the ebuild - well...


Replies:
Re: portage/rsync question
-- Pavel Labushev
References:
portage/rsync question
-- Butterworth, John W.
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
portage/rsync question
Next by thread:
Re: portage/rsync question
Previous by date:
portage/rsync question
Next by date:
Re: portage/rsync question


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.