On Sat, May 31, 2014, at 12:06 AM, micah anderson wrote:
. keeps an adversary who may be listening on the wire from
looking at what you are installing. who cares what you are
installing? well it turns out that is very interesting
information. If you can see that I've just installed X
package, and you then just look over at our security tracker
and find that this package has an exploit...
It's only metadata, so who cares right? Only kidding. This is a totally
legitimate scenario which I didn't think of. Nice.