* Lisa Seelye <[EMAIL PROTECTED]>:
> On Fri, 2003-11-21 at 21:09, Yi Qiang wrote:
> > how "trustful" our distfile
> > repositories really are. If indeed one is compromised it would be too
> > easy for someone to slip a backdoor into a package, especially since I
> > and a lot of other gentoo users simply ignore md5 checksums.

Ignoring of md5 checksums is not even necessary. As a holder of a distfile mirror I can put a patch in the 'files' dir and generate a suitable md5. The user will not see that he got fooled/backdoored. And best: If you wait long enough (after new version) the local distfiles are overwritten and every evidence in /var/db/pkg is wiped out.

> If the key server/signature is compromised you have gained nothing over
> the way we have it now. Adding it is just another way for something to
> go wrong.

Yes, but as long as your key is not compromised everyone will see that the distfiles come from the same source.

> As for users doing ebuild foo.ebuild digest blindly - that's a good way
> to put your box at serious risk.

ACK. So the user should be able to verify that every file did not get altered. And this is only possible with signified sources.

--
.: Torsten | Don't tell any big lies today. Small ones can be :.
.:         | just as effective.                               :.
--
[EMAIL PROTECTED] mailing list
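The point made in the message above, as an added example that is not part of the original thread or of Portage: a digest stored next to the files still matches after whoever controls the mirror regenerates it, while a manifest authenticated with a key kept off the mirror does not. Assumptions: the function names, file names and key are constructed, SHA-256 stands in for the md5 digest, and HMAC-SHA256 stands in for a public-key signature so the code needs only the standard library.

```python
import hashlib
import hmac

def make_manifest(files):
    """Digest list for a tree, one 'hexdigest  name' line per file."""
    lines = [f"{hashlib.sha256(body).hexdigest()}  {name}"
             for name, body in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()

def sign(manifest, key):
    # Stand-in for a public-key signature (assumption): HMAC-SHA256 keeps the
    # example stdlib-only. With OpenPGP, users would hold only a public key.
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()

def digests_match(files, manifest):
    """The check the thread describes: files against the digest beside them."""
    return make_manifest(files) == manifest

def signed_tree_ok(files, manifest, tag, key):
    """Accept only if the manifest is authentic and the files match it."""
    return hmac.compare_digest(sign(manifest, key), tag) and digests_match(files, manifest)

def demo():
    key = b"constructed-maintainer-key"          # never stored on the mirror
    tree = {"foo-1.0.tar.gz": b"upstream tarball bytes (constructed)"}
    manifest = make_manifest(tree)
    tag = sign(manifest, key)

    # What the mirror holder in the message does: add a file under 'files'
    # and regenerate the digest so it matches the altered tree.
    altered = dict(tree)
    altered["files/extra.patch"] = b"unreviewed change (constructed)"
    regenerated = make_manifest(altered)

    return {
        "untouched tree, signed check": signed_tree_ok(tree, manifest, tag, key),
        "altered tree, digest-only check": digests_match(altered, regenerated),
        "altered tree, regenerated digest, signed check":
            signed_tree_ok(altered, regenerated, tag, key),
        "altered tree, original digest, signed check":
            signed_tree_ok(altered, manifest, tag, key),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'REJECTED'}")
```

The digest-only check accepts the altered tree; both signed checks reject it, which only holds while the signing key stays off the mirror, as the reply to the key-compromise objection says.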
