Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Torsten Veller <ml-en@...>
Subject: Re: Thoughts on Package Security
Date: Wed, 18 Feb 2004 18:19:00 +0100 
* will.richey@...:

> So, the determined attacker would have to control considerable more
> than one site.

No, only control of your sync mirror and only one changed ebuild is
needed to get full control of your server. 
You can not distinguish if an ebuild is a real gentoo ebuild or a
faked one.

Hope you really trust your sync carrier.

-- 
.:   Torsten Veller    |    Apathy is not the problem, it's the solution.    :.

--
gentoo-security@g.o mailing list
References:
Thoughts on Package Security
-- Brian Klauss
Re: Thoughts on Package Security
-- guerrilla_thought
Re: Thoughts on Package Security
-- Heikki Levanto
Re: Thoughts on Package Security
-- Brian Klauss
Re: Thoughts on Package Security
-- Ed Grimm
Re: Thoughts on Package Security
-- will . richey
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Thoughts on Package Security
Next by thread:
Re: Thoughts on Package Security
Previous by date:
Re: Security concerns and portage versioning
Next by date:
Re: Thoughts on Package Security


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.