Re: (fwd) OpenSSH trojan!
Le jeu 01/08/2002 à 15:16, Paul Hampson a écrit :
> On Thu, Aug 01, 2002 at 02:31:07PM +0200, Sebastien Chaumat wrote:
> > Is there any source signing mechanism available in Debian?
> There is, in that the MD5 sum of the .orig.tar.gz goes into
> the .dsc file.
> Not that it would affect this case, since the trojan would have
> been in the tar.gz which had it's MD5 recorded. Although it
> would only affect people who built the package anyway.
I guess in the future (see the apt-src and co threads on devel) more
and more people will auto-build packages localy. This will become a
serious issue then.