At 1:25 -0700 10/9/02, Ben Hines wrote: >Yep. If a fink package tells you its MD5 is bad, please notify the >maintainer (or the list) and we will look in to it. > >Fink MD5s are stored in the .info files, locally, so a hacker cannot >change them unless they hack fink CVS AND the site with the tarball. >:)
It looks like sendmail is not in fink, so I suppose nobody could have caught the trojaned version by this mechanism (nor could they be harmed, of course). But what if the trojan were sufficiently subtle that it escaped detection for a few weeks or months, the fink maintainer calculated the MD5 on the trojaned version, and put it into the system? Bill. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Fink-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-users
