1 |
On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: |
2 |
> No. There's a GLEP for some of these issues: |
3 |
> |
4 |
> https://www.gentoo.org/proj/en/glep/glep-0057.html |
5 |
> |
6 |
> The relevant part is, |
7 |
> |
8 |
> ...any non-Gentoo controlled rsync mirror can modify executable code; |
9 |
> as much of this code is per default run as root a malicious mirror |
10 |
> could compromise hundreds of systems per day - if cloaked well |
11 |
> enough, such an attack could run for weeks before being noticed. |
12 |
|
13 |
I noticed there's another GLEP which eliminates the mirror problem: |
14 |
http://www.gentoo.org/proj/en/glep/glep-0058.html |
15 |
|
16 |
It's marked as accepted. I hope they'll implement it in reasonable time. |