Re: question about the security of entries in sources.list

To: csj <csj@mindgate.net>
Cc: debian-user@lists.debian.org
Subject: Re: question about the security of entries in sources.list
From: sean finney <seanius@seanius.net>
Date: Wed, 4 Dec 2002 13:40:22 -0500
Message-id: <[🔎] 20021204134022.A17507@sccs.swarthmore.edu>
In-reply-to: <[🔎] 878yz6y25t.wl@alpha>; from csj@mindgate.net on Wed, Dec 04, 2002 at 09:59:42AM +0800
References: <20021128023730.A10117@sccs.swarthmore.edu> <[🔎] 20021203205657.GA16769@fishbowl.madduck.net> <[🔎] 20021203163006.A6727@sccs.swarthmore.edu> <[🔎] 878yz6y25t.wl@alpha>

On Wed, Dec 04, 2002 at 09:59:42AM +0800, csj wrote:
> I remember reading somewhere that it would be easier to trojan
> programs by simply having the requested download redirected to a
> malicious server (by fooling around with the DNS stuff).

for the concern i previously mentioned, you're probably right.  however,
it would be nice to have the ability to limit what packages you could
download from a sources.list entry, if that's the specific reason you
put that entry in in the first place (i.e. i don't care what else metalab
has on their site, i only want blackdown java from them), wouldn't it?

	sean

Attachment: pgppyZyatolHL.pgp
Description: PGP signature

Reply to:

References:
- Re: question about the security of entries in sources.list
  - From: martin f krafft <madduck@debian.org>
- Re: question about the security of entries in sources.list
  - From: sean finney <seanius@seanius.net>
- Re: question about the security of entries in sources.list
  - From: csj <csj@mindgate.net>

Prev by Date: unsubscribe
Next by Date: gprof with -lc_p: anyone able to do it?
Previous by thread: Re: question about the security of entries in sources.list
Next by thread: [ANN] Best and Worst Development Practices -- Training in NYC and DC
Index(es):
- Date
- Thread