The debian advisory was very explicit that the archive was never
compromised. I haven't heard any more details, but I'd love to hear
how the break in occured and what where there trust relationships
between the broken-into machines and the archive machines.
And how are they so sure that the archive machines weren't compromised?
I understand how they can check the integrity of the archives (MD5 sums), but what tools and procedure do they use for the rest of the system? Tripwire with some unwritable media for checksums? Something else?
Cheers, Muli
Cheers, Amos (a user of a very stable "unstable" debian)
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
