Re: kernel.org compromised
On Thu, Sep 01, 2011 at 06:05:01PM -0300, Henrique de Moraes Holschuh wrote:
> Our kernels are not a problem. The Debian mirror in mirrors.kernel.org,
> on the other hand... While the apt signature will protect users
> downloading packages through the package manager, users that get binary
> packages directly are not protected.
The connection is not authenticated, so it makes no difference if you
get modified stuff or if it is modified in transit.
Totally illogical, there was no chance.
-- Spock, "The Galileo Seven", stardate 2822.3