Re: marillat false alarm?
Marty wrote: Since the Oct 29 update of realplayer: # chkrootkit -q /usr/lib/realplay-10.0.6/share/default/.realplayerrc Besides having no idea what chkrootkit is complaining about, what really bothers me is having no way to validate marillat packages, since I'm running stable. (That's another issue which I've tried to address without success.) Thanks for any help. I think chkrootkit warns about any filenames that start with . in the system directories. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: marillat false alarm?
On Mon, Oct 31, 2005 at 04:57:56PM -0500, Marty wrote: what really bothers me is having no way to validate marillat packages, since I'm running stable. (That's another issue which I've tried to address without success.) In Marillat's ftp archive are various .dsc files, for each package. This is signed by his GPG key, which is in the debian-keyring package. The file itself contains the md5sums of the constituent parts of the source packages (diff.gz and orig.tar.gz). You can use these to build your own binary packages. If the binaries were tampered with, their md5sums wouldn't match the .dsc file. If the .dsc file was tampered with, the signature wouldn't be valid. -- Jon Dowland http://jon.dowland.name/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
marillat false alarm?
Since the Oct 29 update of realplayer: # chkrootkit -q /usr/lib/realplay-10.0.6/share/default/.realplayerrc Besides having no idea what chkrootkit is complaining about, what really bothers me is having no way to validate marillat packages, since I'm running stable. (That's another issue which I've tried to address without success.) Thanks for any help. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: marillat false alarm?
On Mon, Oct 31, 2005 at 04:57:56PM -0500, Marty wrote: Since the Oct 29 update of realplayer: # chkrootkit -q /usr/lib/realplay-10.0.6/share/default/.realplayerrc Besides having no idea what chkrootkit is complaining about, what really bothers me is having no way to validate marillat packages, since I'm running stable. (That's another issue which I've tried to address without success.) Thanks for any help. I'm not sure about the chkrootkit complaint. However, if you don't like Marillat's packages, or that you can't verify them, then quit using them. They are unofficial anyway, so I don't see the problem. Personally, I trust his packages to a degree. Marillat is a well known Debian developer and I imagine that the packages he has made available are a by-product of the tools he uses personally. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto pgplFqZ2vDi3V.pgp Description: PGP signature
Re: marillat false alarm?
Roberto C. Sanchez wrote: I'm not sure about the chkrootkit complaint. However, if you don't like Marillat's packages, or that you can't verify them, then quit using them. They are unofficial anyway, so I don't see the problem. I don't know of any official counterparts with equivalent functionality. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]