[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (fwd) OpenSSH trojan!

On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
>  Is there any source signing mechanism available in Debian?

There is, in that the MD5 sum of the .orig.tar.gz goes into
the .dsc file.

Not that it would affect this case, since the trojan would have
been in the tar.gz which had it's MD5 recorded. Although it
would only affect people who built the package anyway.

Paul "TBBle" Hampson, MCSE
5th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.

This email is licensed to the recipient for non-commercial
use, duplication and distribution.

Attachment: pgpFCYQ3yAUDw.pgp
Description: PGP signature

Reply to: