Hi Christoph,

On Sun, 2009-09-06 at 00:41 +0200, Christoph Anton Mitterer wrote:
> Package: ttf-root-installer
> Version: 5.18.00-2.3
> Severity: critical
> Tags: security
> ...
> May I suggest the following:
> 1) Ship SHA512 sums of the downloaded content with your package
>    (perhaps after you make some (at least rudimentary) checks for
>    malicious contents).
>
> 2) Check whether this matches with the sums of the downloaded files.
>
> 3) In case of mismatches, installation should fail, and all already
>    downloaded/installed files should be removed.

Thank you for the suggestion. That is a good idea. I will implement
that in the next release of the packages.

Thank you,

Yours,

--
Christian Holm Christensen
Address: Sankt Hansgade 23, 4    Phone:  (+45) 35 35 96 91
         DK-2200 Copenhagen N    Cell:   (+45) 24 61 85 91
         Denmark                 Office: (+45) 353 25 447
Email:   ch...@nbi.dk            Web:    http://cern.ch/cholm
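
The three steps suggested in the quoted report, sketched as a shell function of the kind an installer's maintainer script could call. This is an added example, not code from the ttf-root-installer package or from either correspondent; the function names, the `SHA512SUMS` file name and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not the package's code. verify_downloads, make_sample and
# the SHA512SUMS file name are hypothetical.

# verify_downloads MANIFEST DIR
# MANIFEST is in sha512sum text format: "<128 hex digits>  <file name>".
# Returns 0 only if every listed file exists in DIR and matches its sum;
# otherwise removes every listed file from DIR and returns 1.
verify_downloads() {
    manifest=$1
    dir=$2
    checked=0
    failed=0
    while read -r want name; do
        case $name in
            ''|*/*) failed=1; continue ;;   # malformed line, or a name carrying a path
        esac
        checked=$((checked + 1))
        [ -f "$dir/$name" ] || { failed=1; continue; }
        got=$(sha512sum < "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || failed=1
    done < "$manifest"
    # An empty manifest verifies nothing, so it counts as a failure.
    [ "$checked" -gt 0 ] || failed=1
    [ "$failed" -eq 0 ] && return 0
    # Step 3: leave nothing behind from a download that did not verify.
    while read -r want name; do
        case $name in ''|*/*) continue ;; esac
        rm -f -- "$dir/$name"
    done < "$manifest"
    return 1
}

# Constructed sample: two stand-in font files plus the manifest a maintainer
# would generate at build time and ship inside the package.
make_sample() {
    work=$(mktemp -d)
    mkdir "$work/dl"
    printf 'constructed font data A\n' > "$work/dl/a.ttf"
    printf 'constructed font data B\n' > "$work/dl/b.ttf"
    (cd "$work/dl" && sha512sum a.ttf b.ttf) > "$work/SHA512SUMS"
    echo "$work"
}

work=$(make_sample)
verify_downloads "$work/SHA512SUMS" "$work/dl" && echo "verified"
printf 'tampered' >> "$work/dl/b.ttf"   # simulate a modified download
verify_downloads "$work/SHA512SUMS" "$work/dl" || echo "mismatch: downloads removed"
rm -rf "$work"
```

The manifest has to travel inside the signed package rather than be fetched alongside the files, otherwise whoever can alter the download can alter the sums as well.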