Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: James Harlow <james@...>
Subject: Re: MD5 mismatch for XFree86 patch
Date: Fri, 5 Dec 2003 07:26:41 +0000 
On Fri, Dec 05, 2003 at 12:31:42PM +0600, Anuradha Ratnaweera wrote:
> Was a bit paranoid, if the intruder may have changed both MD5 sum on the
> rsync server (are they there, at first place?) _and_ the source tarball
> on the other site, 

If an attacker had access to the rsync server he could add a patch in
the files/ directory and have the ebuild include it. MD5 mismatches are
far, far more likely to be unthreatening.

-- 
When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift

--
gentoo-security@g.o mailing list
References:
MD5 mismatch for XFree86 patch
-- Anuradha Ratnaweera
Re: MD5 mismatch for XFree86 patch
-- Ryan Voots
Re: MD5 mismatch for XFree86 patch
-- Anuradha Ratnaweera
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: MD5 mismatch for XFree86 patch
Next by thread:
Re: MD5 mismatch for XFree86 patch
Previous by date:
Re: MD5 mismatch for XFree86 patch
Next by date:
Re: MD5 mismatch for XFree86 patch


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.