On Wed, Apr 10, 2002 at 05:46:24PM -0400, Dominique Fortier wrote:
> > Basically, if you run binaries from an unsafe source, you get what you
> > deserve.
>
> Man, I try to be a honnest individual, I hope I don't deserve something
> like that !
>
> ..., Is there such a thing has a 100% safe source for binaries ?
Check the PGP key (or GnuPG key) and the md5 checksum from the source
(as long as you trust the source).
Even trusted sources (like ftp.porcupine.org/pub/security) get hit
with Trojan horses. Always check the digital signatures and the
checksums!
Debian does this when you do an apt-get, I believe.
-Anne
--
.-"".__."``". Anne Carasik, System Administrator
.-.--. _...' (/) (/) ``' gator@cacr.caltech.edu
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgp7uACsHPa_O.pgp
Description: PGP signature