Gentoo Archives: gentoo-security

From: Volker Armin Hemmann <volkerarmin@××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] portage/rsync question
Date: Tue, 06 Apr 2010 21:04:00
In Reply to: [gentoo-security] portage/rsync question by "Butterworth
On Dienstag 06 April 2010, Butterworth, John W. wrote:
> Hi. I have a security-related question for Portage/rsync: > > > > If someone makes a change to a copy of a program (say a backdoor added to > apache) hosted on a public mirror, will the sync'ing between the public > mirror and the main rotation mirror determine that it's corrupted (via > 'bad' checksum) on the public-mirror side and replace it? > > > > Thank you in advance, > > -john
what mirror? If he changes the apache tarball on one of the distfile mirrors or the apache mirrors that one will be caught by the ckecksum check. If he changes the ebuild - well...


Subject Author
Re: [gentoo-security] portage/rsync question Pavel Labushev <p.labushev@×××××.com>