Getting to F18
Bruno Wolff III
bruno at wolff.to
Sun Dec 16 17:16:37 UTC 2012
On Sun, Dec 16, 2012 at 18:12:13 +0100,
Reindl Harald <h.reindl at thelounge.net> wrote:
>
>nothing easier as to point you to another repo with /etc/hosts
>if something goes wrong on your machine - it is enough if you
>are ONE TIME ente your root-password in the wrong dialog and
>after pointing you to a modified repo you get a backdoor installed
>which you can not detect if it is done well by filter output of
>lsof, ps and whatever tools you think are helping you in such cased
At that point it is game over and a signed upgrade process isn't going
to help.
>who makes you believe repos are always trustable for sure and no
>ssh-keys of maintainers are lost and misued? it happened not so long
>ago to the fedora infrastructure (google is your friend)
That is a different risk than the one that started this conversation.
More information about the users
mailing list