Re: trust update servers?



David Bolt wrote:
However it is very unlikely that a mirror will do
something like that.

Not themselves. Doesn't mean that someone couldn't hack a mirror, and
make all the required changes to the various files just so they can add
their own key as a replacement. Of course, once the replacement key is
imported and trusted...

Also more of a theoretical than a real threat. The person then also
should be hacking the whole rsync process, so that the fake key and all
the other fake code won't be overwritten.

Is it possible? Yes. Is it likely that it will go unnoticed? No.

Obviously these are the mirrors. It becomes different if you put a repo
online yourself.

houghi
--
Microsoft says, "Where do you want to go today?"
Apple says, "Where do you want to go tomorrow?"
FOSS says, "Are you coming, or what?"