Gentoo Archives: gentoo-security

From: James Harlow <james@××××××××××××××.nu>
To: gentoo-security@g.o
Subject: Re: [gentoo-security] MD5 mismatch for XFree86 patch
Date: Fri, 05 Dec 2003 01:27:14
In Reply to: Re: [gentoo-security] MD5 mismatch for XFree86 patch by Anuradha Ratnaweera
On Fri, Dec 05, 2003 at 12:31:42PM +0600, Anuradha Ratnaweera wrote:
> Was a bit paranoid, if the intruder may have changed both MD5 sum on the > rsync server (are they there, at first place?) _and_ the source tarball > on the other site,
If an attacker had access to the rsync server he could add a patch in the files/ directory and have the ebuild include it. MD5 mismatches are far, far more likely to be unthreatening. -- When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift -- gentoo-security@g.o mailing list