Re: Packages and signatures
On Sun, Jan 28, 2001 at 09:59:14PM +0100, Tollef Fog Heen wrote:
> * Matt Zimmerman
>
> | A CD vendor presses a CD using the contents of the archive at time X, and the
> | archive is compromised at X+k. The CD vendor does not need to worry about his
> | CD contents.
>
> You do not always know when a compromise takes place - you just find
> out that somebody has rooted you. In which case one cannot know for
> sure which packages are ok and which aren't.
Are you saying that if a compromise were discovered tomorrow, new potato CDs
would have to be made?
In my experience, it is nearly always possible to determine (with a certain
margin of error) the date on which a compromise occurred.
--
- mdz
Reply to: