
Re: Debian for enterprise




On Sunday 16 November 2003 10:40, Kjetil Kjernsmo wrote:

> The funny thing is that many of these are security related; I mean, what
> a perfect way to trojan a bunch of newbies' machines: The newbie hears
> on debian-user that he must update some of these packages: So, there is
> a malicious cracker who puts a site up with "official updates", which
> the newbie finds on Google (or apt-get.org, perhaps), and adds it to his
> sources.list. Instantly, he gets a version of Snort that ignores
> attacks and chkrootkit with a rootkit... Also, since the newbie
> probably hasn't met anyone for a keysigning party, signatures won't
> mean anything to him. Elegant, huh?

The newbie wouldn't pick it from the cracker's site, because the newbie would
just change his sources.list file to point at testing or unstable.

I'm not a newbie (much), but even when I was, I don't think I ever used an
outside source other than Debian proper. I either went with stable, or updated to
testing/unstable. It's just recently that I bothered to add the KDE
backport sources.

Debian is a system which pretty much encourages you NOT to download Debian
packages from websites, but rather to use the apt-get system. If a package is
not in the repository, I just get the source from the originating website.

-- 
John L. Fjellstad____________________________________________________
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes


