1 |
On Monday 13 January 2003 09:13, cdfrey@×××××××××.ca wrote: |
2 |
> [snip] |
3 |
> |
4 |
> > But there are more easy ways to do this. |
5 |
> |
6 |
> Yeah... the idea that this is so easy to do is a little scary. I assume |
7 |
> even the developers do "emerge rsyncs" over the internet (I could be |
8 |
> wrong here), so there is a possibility for a trojan to silently work |
9 |
> it's way through the entire Gentoo world from the developers down. |
10 |
> |
11 |
> I'm happy to see my comments weren't just brushed aside. Many thanks! |
12 |
> |
13 |
|
14 |
Maybe the easiest way would be that some/all rsync mirrors would offer rsync |
15 |
over ssl, so that the origin servers could be authenticated. This would also |
16 |
mean some changes for clients to be able to use it. |
17 |
|
18 |
Paul |
19 |
|
20 |
-- |
21 |
Paul de Vrieze |
22 |
Researcher |
23 |
Mail: pauldv@××××××.nl |
24 |
Homepage: http://www.cs.kun.nl/~pauldv |