1 |
On Monday 08 November 2004 15:00, Hans-Werner Hilse wrote: |
2 |
> Err... I think this description alone should do it, no need to waste |
3 |
> your time writing the n-th description of how to set up a transparent |
4 |
> proxy, setting up BIND and so on... You could write an ebuild |
5 |
> "hacked-up-rsync-mirror" which does this all, so that all of us |
6 |
> can do some testing :-) |
7 |
|
8 |
I know how to do it, I and the other managers know it is an issue, it IS |
9 |
NOT BEING IGNORED, but it is a manageable risk. In truth, the rsync |
10 |
mirrors are fairly secure, and if you can't trust your local nameserver |
11 |
you have bigger issues anyway. |
12 |
|
13 |
> |
14 |
> But i doubt that you really manage to hack up my BIND, place a |
15 |
> transparent proxy in my connection to the net or convince me to use |
16 |
> your fake mirror. But go on, play... Don't complain here if you're the |
17 |
> one being laughed at on that mentioned mailing list... |
18 |
|
19 |
DNS poisoning can be done, and we're working at signing, but people should |
20 |
accept that changing things big in gentoo is not all that easy. |
21 |
|
22 |
Paul |
23 |
|
24 |
-- |
25 |
Paul de Vrieze |
26 |
Gentoo Developer |
27 |
Mail: pauldv@g.o |
28 |
Homepage: http://www.devrieze.net |