Ted Smith wrote:
> On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
>>>> I noted in recent times, servers for distros like Fedora and Debian
>>>> were compromised by hackers. Are there some measures taken for
>>>> gNewSense after those incidents?
>> I actually meant to ask how the servers hosting gNewSense are
>> protected to insure against rootkits being inserted into the
>> distribution stream.
>
> Well, all packages are PGP-signed, the preferred distribution method of
> the LiveCDs is BitTorrent (which is un-rootkitable), and the LiveCDs
> available for direct download are MD5sum'd (and the MD5sums are
> PGP-signed).

I agree. The only things that really matter are:

1. Using a secure hash (e.g. SHA-256).
2. Keeping the GPG key secure.
3. Signing the hashes.

Matt Flaschen

_______________________________________________
gNewSense-users mailing list
http://lists.nongnu.org/mailman/listinfo/gnewsense-users
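
The download-side check that the signed-hash scheme discussed in this thread implies, as an added example that is not part of the original messages or of gNewSense's own tooling: verify the detached signature on the checksum manifest against a pinned keyring, accept only SHA-256 entries, then hash the image. The file name, keyring path and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import subprocess

# sha256sum-style line: "<hex digest>  <name>" or "<hex digest> *<name>"
LINE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")

# Constructed sample: a two-byte stand-in "image" and its manifest line.
# "gnewsense-livecd.iso" is a hypothetical file name.
SAMPLE_IMAGE = b"hi"
SAMPLE_MANIFEST = hashlib.sha256(SAMPLE_IMAGE).hexdigest() + "  gnewsense-livecd.iso\n"


def signature_ok(manifest_path, sig_path, keyring_path):
    """Check the detached signature with gpgv against one pinned keyring.

    Pass keyring_path with a directory component (e.g. "./release.gpg") so
    gpgv uses that file and not a keyring in its home directory.
    """
    result = subprocess.run(
        ["gpgv", "--keyring", keyring_path, sig_path, manifest_path],
        capture_output=True,
    )
    return result.returncode == 0


def parse_manifest(text):
    """Return {filename: sha256 hex}; reject anything that is not SHA-256."""
    digests = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LINE.match(line)
        if match is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = match.groups()
        if len(digest) != 64:  # e.g. a 32-hex-digit MD5 entry
            raise ValueError(f"{name}: not a SHA-256 digest")
        digests[name] = digest.lower()
    return digests


def image_matches(manifest_text, name, stream, chunk_size=1 << 20):
    """Hash the stream in chunks and compare with the manifest entry."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # an image the signed manifest does not list is untrusted
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)
```

Call `signature_ok` first and only read the manifest if it returns true; a matching hash from an unverified manifest proves nothing about who produced the image.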
