Archives
Archives
| From: | Torsten Veller <ml-en@××××××.net> | ||
|---|---|---|---|
| To: | gentoo-security@l.g.o | ||
| Subject: | [gentoo-security] Re: Thoughts on Package Security | ||
| Date: | Wed, 18 Feb 2004 17:20:59 | ||
| Message-Id: | 20040218180930.GAa8732.tv@veller.net | ||
| In Reply to: | Re: [gentoo-security] Thoughts on Package Security by will.richey@afternoonmoon.com | ||
| 1 | * will.richey@×××××××××××××.com: |
| 2 | |
| 3 | > So, the determined attacker would have to control considerable more |
| 4 | > than one site. |
| 5 | |
| 6 | No, only control of your sync mirror and only one changed ebuild is |
| 7 | needed to get full control of your server. |
| 8 | You can not distinguish if an ebuild is a real gentoo ebuild or a |
| 9 | faked one. |
| 10 | |
| 11 | Hope you really trust your sync carrier. |
| 12 | |
| 13 | -- |
| 14 | .: Torsten Veller | Apathy is not the problem, it's the solution. :. |
| 15 | |
| 16 | -- |
| 17 | gentoo-security@g.o mailing list |