On Fri, May 30, 2014, at 11:17 PM, Reid Sutherland wrote: > > As what I posted earlier, all you would need to do is to MITM the > > install of APT during an install. Who cares what the signatures look > > like since you've NOPed the checksumming code! > > So OpenSSL can be flawed and nobody bats an eye, APT uses GnuPG and > everyone (this guy) loses their mind?
Strawman much? What does bring up OpenSSL have anything to do with Debian mirrors being MITM? Alfie -- Alfie John [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
