| 1 |
On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: |
| 2 |
> No. There's a GLEP for some of these issues: |
| 3 |
> |
| 4 |
> https://www.gentoo.org/proj/en/glep/glep-0057.html |
| 5 |
> |
| 6 |
> The relevant part is, |
| 7 |
> |
| 8 |
> ...any non-Gentoo controlled rsync mirror can modify executable code; |
| 9 |
> as much of this code is per default run as root a malicious mirror |
| 10 |
> could compromise hundreds of systems per day - if cloaked well |
| 11 |
> enough, such an attack could run for weeks before being noticed. |
| 12 |
|
| 13 |
I noticed there's another GLEP which eliminates the mirror problem: |
| 14 |
http://www.gentoo.org/proj/en/glep/glep-0058.html |
| 15 |
|
| 16 |
It's marked as accepted. I hope they'll implement it in reasonable time. |
Archives