On Friday, 20 October 2017 10:58:32 UTC+2, Jeroen Demeyer wrote:
>
> On 2017-10-19 20:07, Luca De Feo wrote: 
> > There you go for something crippled!  https://shattered.io/ 
>
> I don't think that this is actually relevant. This attack would only 
> work if an attacker is able to provide a specially manufactured source 
> tarball and get it accepted by SageMath. At that point, the attacker 
> could instead just insert arbitrary code in the source tarball. 
>

Wrong: a MITM attack could be used to redirect you to a doctored
repository. Ditto, BTW, for a DNS attack... HTTPS offers *some* safeguards
against that.

--
Emmanuel Charpentier
