Once upon a time, Stephen John Smoogen <smooge@xxxxxxxxx> said: > On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb@xxxxxxxxxxxx> wrote: > > Thanks, Seth. And if we don't, what's a good resource for security > > auditing n00bs? > > 1) Look over the change history. Don't trust the source repository but > older versions of the tar balls and see what has changed between them. To add to this, by "older versions of the tar balls", don't just download an older version from the suspected bad place (as it could have been tampered with as well). For packages that have been in Fedora since before the initial suspected attack, grab an old SRPM from a Fedora archive mirror. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
