Hi Christoph,
On Sun, 2009-09-06 at 00:41 +0200, Christoph Anton Mitterer wrote:
> Package: ttf-root-installer
> Version: 5.18.00-2.3
> Severity: critical
> Tags: security
>
...
> May I suggest the following:
> 1) Ship SHA512 sums of the downloaded content with your package
> (perhaps after you make some (at least rudimentary) checks for
> malicious contents).
>
> 2) Check whether this matches with the sums of the downloaded files.
>
> 3) In case of mismatches, installation should fail, and all already
> downloaded/installed files should be removed.
Thank you for the suggestion. That is a good idea. I will implement
that in the next release of the packages. Thank you,
Yours,
--
___ | Christian Holm Christensen
|_| | -------------------------------------------------------------
| | Address: Sankt Hansgade 23, 4 Phone: (+45) 35 35 96 91
_| DK-2200 Copenhagen N Cell: (+45) 24 61 85 91
_| Denmark Office: (+45) 353 25 447
____| Email: [email protected] Web: http://cern.ch/cholm
| |
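
The three steps suggested in the quoted report (ship SHA512 sums, compare them with the downloaded files, fail and clean up on mismatch), as an added example that is not part of the original mail or of the ttf-root-installer package. The function name `verify_downloads`, the checksum list and the download directory are hypothetical; GNU coreutils `sha512sum` is assumed.

```shell
#!/bin/sh
# Added example: check downloaded files against a SHA512 list shipped in the
# package. The list uses sha512sum(1) format: "<hex digest>  <filename>".

# verify_downloads SUMS_FILE DOWNLOAD_DIR   (hypothetical helper)
# Returns 0 only if every file named in SUMS_FILE exists in DOWNLOAD_DIR and
# matches its digest. On a mismatch or missing file it removes every file
# named in the list from DOWNLOAD_DIR and returns 1, so nothing unverified
# is left behind for a later installation step to pick up.
verify_downloads() {
    sums_file=$1
    download_dir=$2

    if [ ! -r "$sums_file" ] || [ ! -d "$download_dir" ]; then
        echo "verify_downloads: missing checksum list or download dir" >&2
        return 1
    fi

    # The list is read on stdin so its path is resolved before the cd.
    # --strict turns malformed lines in the list into a failure.
    if (cd "$download_dir" && sha512sum --check --strict --quiet >&2) \
            < "$sums_file"; then
        return 0
    fi

    echo "verify_downloads: checksum mismatch, removing downloads" >&2
    while read -r _digest name; do
        name=${name#\*}                   # binary-mode marker, if present
        case $name in
            ''|*/*) continue ;;           # only plain names inside the dir
        esac
        rm -f -- "$download_dir/$name"
    done < "$sums_file"
    return 1
}
```

A maintainer script would call it right after the download step and abort when it returns non-zero, for example `verify_downloads "$sums" "$dir" || exit 1` with paths of the package's choosing.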