On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
> >> I noted in recent times, servers for distro like Fedora and Debian
> >> were compromised by hackers. Are there some measures taken for
> >> gNewSense after those incidents?
> >
> I actually meant to ask how the servers hosting gNewSense are
> protected to insure against rootkits being inserted into the
> distribution stream.

Well, all packages are PGP-signed, the preferred distribution method of the LiveCDs is BitTorrent (which is un-rootkitable), and the LiveCDs available for direct download are MD5sum'd (and the MD5sums are PGP-signed). The weakest point here is probably the MD5sums, as MD5 has been very broken for a very long while and it would make a lot more sense to use a less broken hash to verify authenticity.
_______________________________________________
gNewSense-users mailing list
http://lists.nongnu.org/mailman/listinfo/gnewsense-users
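
Added example, not part of the original message or of gNewSense's own tooling: a download verifier for the chain described in the reply (a checksum manifest whose PGP signature has already been checked, then a hash over the image) that refuses to rely on MD5. The file name `livecd-sample.iso` and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# Algorithms accepted for authenticity checks, with their hex digest lengths.
# MD5 is deliberately absent: it is not collision-resistant.
STRONG = {"sha256": 64, "sha512": 128}

def parse_manifest(text):
    """Parse coreutils-style lines '<hex digest>  <filename>' into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # A leading '*' marks binary mode in md5sum/sha256sum output.
        entries[name.lstrip(" *")] = digest.lower()
    return entries

def digest_stream(stream, algo, chunk=1 << 20):
    """Hash a file-like object in chunks so large images never sit in memory."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def verify(stream, name, manifest_text, algo):
    """Return (ok, reason). Assumes the caller has already verified the PGP
    signature on manifest_text (for example with `gpg --verify`); an unsigned
    manifest proves nothing about where the image came from."""
    if algo not in STRONG:
        return False, f"{algo} is not accepted for authenticity checks"
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False, "file not listed in manifest"
    if len(expected) != STRONG[algo]:
        return False, "digest length does not match algorithm"
    if not hmac.compare_digest(digest_stream(stream, algo), expected):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample data standing in for a downloaded image and its manifest.
SAMPLE_IMAGE = b"constructed sample image contents\n"
SAMPLE_MANIFEST = hashlib.sha256(SAMPLE_IMAGE).hexdigest() + "  livecd-sample.iso\n"
```
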
