On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:

> Using Portage you're putting yourself at the mercy of any Joe Schmoe
> with a proxy connection to a Gentoo server that wants to compromise
> your machine.

How so? They'd have to get a compromised source tarball on the distfiles
mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild
on the servers isn't enough; it would be replaced in no more than fifteen
minutes.

Why is this easier than getting a compromised RPM onto a Red Hat or SUSE
server?


--
Neil Bothwick

I heard someone tried the monkeys-on-typewriters bit trying for the plays
of W. Shakespeare but all they got was the collected works of Francis
Bacon