On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote: > Using Portage you're putting yourself at the mercy of any Joe Schmoe > with a proxy connection to a Gentoo server that wants to compromise > your machine.
How so? They'd have to get a compromised source tarball on the distfiles mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild on the servers isn't enough, it would be replaced in no more than fifteen minutes. Why is this easier than getting a compromised RPM onto a Red Hat or SUSE server? -- Neil Bothwick I heard someone tried the monkeys-on-typewriters bit trying for the plays of W. Shakespeare but all they got was the collected works of Francis Bacon
signature.asc
Description: PGP signature