On Sun, 13 Jun 2010 19:48:53 +1000
Allan McRae <allan@xxxxxxxxxxxxx> wrote:

> >>
> >
> > This is the reason why we need package signing for Pacman. I'm
> > aware that some progress has been made and it's being worked on.
> > Are there any updates?
> >
>
> Yes... because package signing magically fixes all upstream issues.
>
> Allan

My point was that malicious attackers can add compromised packages to mirrors and alter the repo.db. Package signing would mitigate that. I was attempting to say that what happened in this instance could happen to an Arch mirror or mirrors.

There's no need to be rude.

Ananda