[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (fwd) OpenSSH trojan!

Le jeu 01/08/2002 à 15:16, Paul Hampson a écrit :
> On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
> >  Is there any source signing mechanism available in Debian?
> There is, in that the MD5 sum of the .orig.tar.gz goes into
> the .dsc file.
> Not that it would affect this case, since the trojan would have
> been in the tar.gz which had it's MD5 recorded. Although it
> would only affect people who built the package anyway.

 I guess in the future (see the apt-src and co threads on devel) more 
and more people will auto-build packages localy. This will become a
serious issue then.


Reply to: