From: | Torsten Veller <ml-en@××××××.net> | ||
---|---|---|---|
To: | gentoo-security@l.g.o | ||
Subject: | [gentoo-security] Re: Thoughts on Package Security | ||
Date: | Wed, 18 Feb 2004 17:20:59 | ||
Message-Id: | 20040218180930.GAa8732.tv@veller.net | ||
In Reply to: | Re: [gentoo-security] Thoughts on Package Security by will.richey@afternoonmoon.com |
1 | * will.richey@×××××××××××××.com: |
2 | |
3 | > So, the determined attacker would have to control considerable more |
4 | > than one site. |
5 | |
6 | No, only control of your sync mirror and only one changed ebuild is |
7 | needed to get full control of your server. |
8 | You can not distinguish if an ebuild is a real gentoo ebuild or a |
9 | faked one. |
10 | |
11 | Hope you really trust your sync carrier. |
12 | |
13 | -- |
14 | .: Torsten Veller | Apathy is not the problem, it's the solution. :. |
15 | |
16 | -- |
17 | gentoo-security@g.o mailing list |