1 |
On Fri, Dec 05, 2003 at 12:31:42PM +0600, Anuradha Ratnaweera wrote: |
2 |
> Was a bit paranoid, if the intruder may have changed both MD5 sum on the |
3 |
> rsync server (are they there, at first place?) _and_ the source tarball |
4 |
> on the other site, |
5 |
|
6 |
If an attacker had access to the rsync server he could add a patch in |
7 |
the files/ directory and have the ebuild include it. MD5 mismatches are |
8 |
far, far more likely to be unthreatening. |
9 |
|
10 |
-- |
11 |
When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift |
12 |
|
13 |
-- |
14 |
gentoo-security@g.o mailing list |