List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Monday 08 November 2004 15:00, Hans-Werner Hilse wrote:
> Err... I think this description alone should do it, no need to waste
> your time writing the n-th description of how to set up a transparent
> proxy, setting up BIND and so on... You could write an ebuild
> "hacked-up-rsync-mirror" which does this all, so that all of us
> can do some testing :-)
I know how to do it, I and the other managers know it is an issue, it IS
NOT BEING IGNORED, but it is a manageable risk. In truth, the rsync
mirrors are fairly secure, and if you can't trust your local nameserver
you have bigger issues anyway.
> But i doubt that you really manage to hack up my BIND, place a
> transparent proxy in my connection to the net or convince me to use
> your fake mirror. But go on, play... Don't complain here if you're the
> one being laughed at on that mentioned mailing list...
DNS poisoning can be done, and we're working at signing, but people should
accept that changing things big in gentoo is not all that easy.
Paul de Vrieze