| 1 |
On Monday 13 January 2003 09:13, cdfrey@×××××××××.ca wrote: |
| 2 |
> [snip] |
| 3 |
> |
| 4 |
> > But there are more easy ways to do this. |
| 5 |
> |
| 6 |
> Yeah... the idea that this is so easy to do is a little scary. I assume |
| 7 |
> even the developers do "emerge rsyncs" over the internet (I could be |
| 8 |
> wrong here), so there is a possibility for a trojan to silently work |
| 9 |
> it's way through the entire Gentoo world from the developers down. |
| 10 |
> |
| 11 |
> I'm happy to see my comments weren't just brushed aside. Many thanks! |
| 12 |
> |
| 13 |
|
| 14 |
Maybe the easiest way would be that some/all rsync mirrors would offer rsync |
| 15 |
over ssl, so that the origin servers could be authenticated. This would also |
| 16 |
mean some changes for clients to be able to use it. |
| 17 |
|
| 18 |
Paul |
| 19 |
|
| 20 |
-- |
| 21 |
Paul de Vrieze |
| 22 |
Researcher |
| 23 |
Mail: pauldv@××××××.nl |
| 24 |
Homepage: http://www.cs.kun.nl/~pauldv |
Archives