1 |
Mike Williams <mike@××××××××.uk> posted |
2 |
200607311656.36538.mike@××××××××.uk, excerpted below, on Mon, 31 Jul 2006 |
3 |
16:56:35 +0100: |
4 |
|
5 |
> On Monday 31 July 2006 16:47, Atoms wrote: |
6 |
>> >> Nope. Works fine here. |
7 |
>> > |
8 |
>> > Okay, next question is, how do I clean portage up (sanely) to allow a |
9 |
>> > re-download of the ebuild? |
10 |
>> |
11 |
>> just do `ebuild |
12 |
>> /usr/portage/www-client/mozilla-firefox/mozilla-firefox-1.5.0.5.ebuild |
13 |
>> digest` and then emerge |
14 |
> |
15 |
> Err, no! |
16 |
> The size didn't match for a reason. |
17 |
> |
18 |
> Delete the ebuild, and sync again. From a different mirror if possible. |
19 |
|
20 |
My reaction too -- don't just blindly digest and emerge unless you are |
21 |
quite sure it's safe to do so (a dev explains it or you check viewcvs and |
22 |
verify that the one there is the same, plus verify that the ebuild isn't |
23 |
doing anything weird like retrieving "special" source |
24 |
from warez.and.crakz.r.us or the like). |
25 |
|
26 |
THE WARNING ABOVE, INCORRECT SIZE OR OTHER FAILURE TO VERIFY, COULD |
27 |
INDICATE A SECURITY ISSUE. SIMPLY REDIGESTING THE FAILED PACKAGE BYPASSES |
28 |
THE CHECKS AND COULD LEAVE YOUR GENTOO MACHINE CRACKED WIDE OPEN AND NO |
29 |
LONGER UNDER YOUR CONTROL!! |
30 |
|
31 |
I apologize for shouting, but your computer's security may depend on it. |
32 |
Don't do something stupid! |
33 |
|
34 |
In actuality, it's much more likely simply broken or even an entirely |
35 |
harmless difference like a missing newline or the like. However, you |
36 |
can't KNOW that, and with various server in the FLOSS community having |
37 |
already been found compromised, we know the crackers are trying, and it's |
38 |
not out of the realm of possibility that a Gentoo server could be |
39 |
compromised at some point. Thus, don't do something you might regret. |
40 |
Either hand verify the ebuild if you know how to, or wait a few hours to a |
41 |
day or two and the problem will probably have been resolved (or better, |
42 |
file a bug and report it, asking if it's legit). |
43 |
|
44 |
-- |
45 |
Duncan - List replies preferred. No HTML msgs. |
46 |
"Every nonfree program has a lord, a master -- |
47 |
and if you use the program, he is your master." Richard Stallman |
48 |
|
49 |
-- |
50 |
gentoo-amd64@g.o mailing list |