On Fri, May 30, 2014, at 11:17 PM, Reid Sutherland wrote:
> > As what I posted earlier, all you would need to do is to MITM the
> > install of APT during an install. Who cares what the signatures look
> > like since you've NOPed the checksumming code!
>
> So OpenSSL can be flawed and nobody bats an eye, APT uses GnuPG and
> everyone (this guy) loses their mind?

Strawman much? What does bringing up OpenSSL have to do with Debian mirrors being MITM?

Alfie

--
Alfie John
alf...@fastmail.fm