On Fri, Jul 25, 2008 at 07:31:30PM +1200, Nathan Ward wrote: > So uh, is this patch available for download over HTTPS with a key that > was generated by the vendor and signed by well trusted root CAs on a > boxes with OpenSSL versions not released by Debian? > > PATCH NOW PATCH NOW seems like a fantastic way to get nefarious code > deployed in really, really interesting places. > > :-)
I'm not smiling. I'm wondering if we're insufficiently paranoid. Course that could be because I'm reading the Mitnick book this week. But I don't think so. Cheers, -- jra -- Jay R. Ashworth Baylink [EMAIL PROTECTED] Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)
