Gentoo Archives: gentoo-security

From:	James Harlow <james@××××××××××××××.nu>
To:	shoehn@××××××××××××××××××××.info
Cc:	gentoo-security@l.g.o
Subject:	Re: [gentoo-security] Built in integrity?
Date:	Tue, 10 Feb 2004 09:56:12
Message-Id:	`20040210095501.GC28649@james.is.never.wrong.nu`
In Reply to:	Re: [gentoo-security] Built in integrity? by shoehn@p15138739.pureserver.info

1	On Tue, Feb 10, 2004 at 09:29:57AM +0100, shoehn@××××××××××××××××××××.info wrote:
2	> If portage uses an evil server both the files and the MD5 values are
3	> tampered, the problem is that the user considers the wrong MD5 value
4	> as correct. I do not generate a file that has the "official" MD5
5	> value, I give the user a wrong MD5 value, by establishing a bad mirror.
6
7	Presumably this is why the checksums are distributed out-of-band of the
8	distfiles.
9
10	--
11	When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift
12
13	--
14	gentoo-security@g.o mailing list