Lì mercoledì, 2004/06/09 alle 06:44, -0700, Karl Hegbloom ha scritto:
> Paranoia department (sign my key; target on my back):
>
> What if someone had control of a network who was "not a big Debian fan",
> or who just wanted to be evil and get trojan horse software onto
> people's computers for one reason or another. This person sets up the
> routers so that accesses to the official Debian mirrors are
> transparently proxied to a mirror they keep, but with certain strategic
> programs shadowed by their own version, with special patches applied.
maybe i simply don't understand, but isn't Packages file signing done
exactly to avoid such an attack?
federico
--
Federico Di Gregorio http://people.initd.org/fog
Debian GNU/Linux Developer fog@debian.org
INIT.D Developer fog@initd.org
We are all dust, Saqi, so play the lute
We are all wind, Saqi, so bring wine. -- Omar Khayam
Attachment:
signature.asc
Description: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata