On Tue, Mar 31, 2009 at 10:33 AM, Graham Percival <gra...@percival-music.ca> wrote: > On Mon, Mar 30, 2009 at 04:51:36PM -0300, Han-Wen Nienhuys wrote: >> It would be trivial, but as the md5sums would be autogenerated, so it >> does not buy any protection against anything. > > I wouldn't say that. It would provide notification of a botched > download (if anybody checks it), or notification of a very > sophisicated man-in-the-middle attack whereby somebody attempts to > hack a system by modifying lilypond tarballs. In order to gain a > local-user account.
For the modifying tarballs version, the attacker could also change de MD5s as the webpages and the binaries are hosted on the same server. -- Han-Wen Nienhuys - han...@xs4all.nl - http://www.xs4all.nl/~hanwen _______________________________________________ lilypond-user mailing list lilypond-user@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-user