| 1 |
On Monday 08 November 2004 15:00, Hans-Werner Hilse wrote: |
| 2 |
> Err... I think this description alone should do it, no need to waste |
| 3 |
> your time writing the n-th description of how to set up a transparent |
| 4 |
> proxy, setting up BIND and so on... You could write an ebuild |
| 5 |
> "hacked-up-rsync-mirror" which does this all, so that all of us |
| 6 |
> can do some testing :-) |
| 7 |
|
| 8 |
I know how to do it, I and the other managers know it is an issue, it IS |
| 9 |
NOT BEING IGNORED, but it is a manageable risk. In truth, the rsync |
| 10 |
mirrors are fairly secure, and if you can't trust your local nameserver |
| 11 |
you have bigger issues anyway. |
| 12 |
|
| 13 |
> |
| 14 |
> But i doubt that you really manage to hack up my BIND, place a |
| 15 |
> transparent proxy in my connection to the net or convince me to use |
| 16 |
> your fake mirror. But go on, play... Don't complain here if you're the |
| 17 |
> one being laughed at on that mentioned mailing list... |
| 18 |
|
| 19 |
DNS poisoning can be done, and we're working at signing, but people should |
| 20 |
accept that changing things big in gentoo is not all that easy. |
| 21 |
|
| 22 |
Paul |
| 23 |
|
| 24 |
-- |
| 25 |
Paul de Vrieze |
| 26 |
Gentoo Developer |
| 27 |
Mail: pauldv@g.o |
| 28 |
Homepage: http://www.devrieze.net |
Archives