On Wed, Sep 17, 2014 at 07:21:08AM -0400, Tim Boudreau wrote: > If someone wants to commit malicious code into Gentoo, they're far more > likely to take the ugly but pragmatic approach of, say, forcing someone to > commit malicious code at gunpoint and then shooting them, than to go to the > vast effort it would take to come up with malicious code that conveniently > has the same SHA-1 hash as an existing commit.
But... what's the point? Upload ugly backdoor to all Gentoo users? (like there're 0,01% of computer users out there?) It would be easier to just gunpoint "the interesting user" or torture him for keys/passwords/whatever in some creepy basement. This looks like someone has a really bad fantasy about Gentoo ruling the world where every bad guy/terrorist/younameit uses this super-secured-gpged-git-portage (and looking at "Snowden files" all this is already exploited ;). Piotr Szymaniak. -- ... wyobrazenie, ze ludzkosc zmierza ku jakiemus naprawde milemu przeznaczeniu, jest bajka dla dzieci ponizej szostego roku zycia, jak Dobra Wrózka, Zajaczek Wielkanocny i Sw. Mikolaj. -- Kurt Vonnegut, "Hokus Pokus"
signature.asc
Description: Digital signature