
Re: The possibility of malicious code in the Debian unstable libtool-1.5 package



On Tue, Aug 26, 2003 at 08:23:44AM -0700, Alan W. Irwin wrote:
> Thus, wouldn't it be the right thing to do to withdraw the Debian unstable
> libtool-1.5 package until GNU has a chance to check the tarball? (And of
> course after the checked version is available, the tarball used to create
> the current package should be checked against it to make sure nothing
> malicious got propagated while the libtool-1.5 package was available).

Would it not be the right thing to simply run diff between the source in
testing (assuming that predates the crack) and the one in unstable and
look for suspicious code?  It doesn't take somebody operating in an
official GNU capacity to confirm that there's no malicious code there.

noah
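
The tree comparison suggested in this message, as an added example that is not part of the original post. The function names (`tree_changes`, `review_diff`, `make_demo_trees`) are hypothetical, the demo trees and their contents are constructed, and it assumes both source packages have already been unpacked into separate directories.

```shell
#!/bin/sh
# Added example. Tree layout and file contents are constructed for the demo.

# tree_changes OLD NEW: one line per difference between two unpacked trees.
#   A path = only in NEW, D path = only in OLD, M path = content differs.
# Regular files only: symlinks and mode changes need a separate check.
tree_changes() {
    old=$1 new=$2
    work=$(mktemp -d) || return 1
    (cd "$old" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$work/old"
    (cd "$new" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$work/new"
    LC_ALL=C comm -13 "$work/old" "$work/new" | sed 's/^/A /'
    LC_ALL=C comm -23 "$work/old" "$work/new" | sed 's/^/D /'
    LC_ALL=C comm -12 "$work/old" "$work/new" | while IFS= read -r f; do
        cmp -s "$old/$f" "$new/$f" || printf 'M %s\n' "$f"
    done
    rm -rf "$work"
}

# review_diff OLD NEW: full unified diff for reading; -N shows added and
# removed files in full. diff exits 1 when trees differ, which is not an error.
review_diff() {
    diff -urN "$1" "$2" || [ $? -eq 1 ]
}

# make_demo_trees DIR: build two small constructed trees under DIR.
make_demo_trees() {
    mkdir -p "$1/old/src" "$1/new/src"
    printf 'int main(void) { return 0; }\n' > "$1/old/src/main.c"
    cp "$1/old/src/main.c" "$1/new/src/main.c"
    printf '#!/bin/sh\ncc -o prog src/main.c\n' > "$1/old/build.sh"
    printf '#!/bin/sh\ncc -o prog src/main.c\n./post-build\n' > "$1/new/build.sh"
    printf 'notes\n' > "$1/old/NOTES"
    printf '#!/bin/sh\necho placeholder\n' > "$1/new/post-build"
}

demo=$(mktemp -d)
make_demo_trees "$demo"
tree_changes "$demo/old" "$demo/new"   # summary first, to see the scope
review_diff "$demo/old" "$demo/new"    # then read every changed hunk
rm -rf "$demo"
```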
