1 |
On Thu, 30 Sep 2004 15:04:44 -0400, Stephen P. Becker <geoman@g.o> wrote: |
2 |
> |
3 |
> Really though, it only becomes insecure if the source code can't be |
4 |
> trusted. This has become a bit more complicated/worrisome lately since |
5 |
> it has been demonstrated that malicious source tarballs with the same |
6 |
> md5sum as as the originals could be used to attack a gentoo install. I |
7 |
> think steps are being taken to remove this possibility from affecting |
8 |
> portage, however. |
9 |
> |
10 |
|
11 |
Remember, it's not just security though. A bug in a script when run |
12 |
as root could wipe out all or parts of a system. |
13 |
|
14 |
|
15 |
Chris |
16 |
|
17 |
-- |
18 |
gentoo-dev@g.o mailing list |