(Gah, I hate top-quoting on mailing lists, but no choice as at work :( )
I'm of the opinion you should let users decide, not to make Fink block these packages from compiling. I haven't seen any Fink packages fail a MD5sum so not sure what happens, but what you could do is to throw up a message saying "This package has failed the MD5 checksum. This package may be compromised, and/or trojaned. You are advised NOT to progress, and if you choose to do so, you do at your own risk. Do you still wish to progress - Yes/No:"
-----Original Message-----
From: Max Horn [mailto:[EMAIL PROTECTED]]
Sent: Thu 8/1/2002 2:11 PM
To: Viktor Haag; fink-users
Cc:
Subject: Re: [Fink-users] /. repors that OpenSSH from ftp.openbsd.orgcompromised
At 8:54 Uhr -0400 01.08.2002, Viktor Haag wrote:
>This may or may not affect the fink Openssh package; I don't have
>it installed, so I don't know from whence it pulls its sources.
>
>Apparently the codebase on ftp.openbsd.org has been trojaned. See
>the slashdot story posted Aug 01 at 0810 for more details.
>
>--
We do pull the sources from there, however, we are using the correct
MD5 of the non-infected source base. Hence users would have to force
a build if they want to build with the infected sources.
I guess we should change Fink to refuse to build if the MD5 doesn't
match. Right now, it allows you to build anyway, on your own risk of
course.
Cheers,
Max
--
-----------------------------------------------
Max Horn
Software Developer
email: <mailto:[EMAIL PROTECTED]>
phone: (+49) 6151-494890
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Fink-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-users
Title: RE: [Fink-users] /. repors that OpenSSH from ftp.openbsd.orgcompromised
- Re: [Fink-users] /. repors that OpenSSH from ftp.openb... Max Horn
- Felberbaum, Yoav M.
