On Thu, 01 Jan 2009 16:31:26 -0500 Matthew Flaschen <[email protected]> wrote:
> Ted Smith wrote:
> > On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
> >>>> I noted in recent times, servers for distro like Fedora and
> >>>> Debian were compromised by hackers. Are there some measures
> >>>> taken for gNewSense after those incidents?
> >> I actually meant to ask how the servers hosting gNewSense are
> >> protected to insure against rootkits being inserted into the
> >> distribution stream.
> >
> > Well, all packages are PGP-signed, the preferred distribution
> > method of the LiveCDs is BitTorrent (which is un-rootkitable), and
> > the liveCD's available for direct download are MD5sum'd (and the
> > MD5sums are PGP-signed).
> >
> I agree. The only things that really matter are:
>
> 1. Using a secure hash (e.g. SHA-256).

Moving from MD5SUM to SHA???SUM would be < 10 line patch to Builder, IIRC.
kk

>
> Matt Flaschen
>

--
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian user / gNewSense contributor
http://www.kgoetz.id.au
No, I won't join your social networking group
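
The move from MD5 sums to SHA-256 sums discussed in this thread, sketched as an added example that is not part of the original messages and is not gNewSense Builder code. The function names and the `SHA256SUMS` file layout are assumptions, and the manifest's PGP signature is assumed to have been checked first (for example with `gpg --verify`) before any digest in it is trusted.

```shell
#!/bin/sh
# Added example: publish and check a SHA-256 manifest for release images.
# make_manifest / verify_manifest are hypothetical names, not Builder functions.

# Print "<sha256>  <name>" for every *.iso in directory $1.
make_manifest() {
    ( cd "$1" && for f in *.iso; do
          if [ -f "$f" ]; then sha256sum -- "$f"; fi
      done )
}

# Check every entry of manifest $1 against the files in directory $2.
# Returns 0 only if each entry is a SHA-256 digest and each file matches.
verify_manifest() {
    manifest=$1 dir=$2 status=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        digest=${line%% *}
        name=${line#*"  "}          # digest and name are separated by two spaces
        # Only lowercase hex is accepted as a digest.
        case $digest in
            *[!0-9a-f]*) echo "REJECT $name: digest is not hex" >&2
                         status=1; continue ;;
        esac
        # A 32-digit entry is a leftover MD5 sum; SHA-256 is 64 hex digits.
        if [ "${#digest}" -ne 64 ]; then
            echo "REJECT $name: digest is not SHA-256 length" >&2
            status=1; continue
        fi
        # Entries must name files directly inside $dir.
        case $name in
            */*) echo "REJECT $name: path separators not allowed" >&2
                 status=1; continue ;;
        esac
        # A missing file yields an empty digest and therefore a mismatch.
        actual=$(sha256sum -- "$dir/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" = "$digest" ]; then
            echo "OK $name"
        else
            echo "FAIL $name" >&2
            status=1
        fi
    done < "$manifest"
    return "$status"
}
```

Typical use is `make_manifest images/ > images/SHA256SUMS` on the build host, signing that file, and running `verify_manifest SHA256SUMS .` on the download side after the signature check.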
