Marcin Owsiany wrote:
>
> It (generating good and bad package with colliding sum) is actually
> easier than one might think. The reason is that you can embed any kind
> of binary blob inside an executable and make the executable behavior
> dependent on the "version" of the blob.
I retract what I
In article <[EMAIL PROTECTED]> you wrote:
> I assume, it's tradition from the times, when only few people
> used apt-get and friends (and many years apt-get did not have
> signature support). A pointer to a "generic" description for
> people who don't want to/cannot use apt-get would be sufficient
* Sjors Gielen:
> Kees Cook wrote:
>> Additionally, it doesn't matter -- it's just the md5 in the email
>> announcement. The Release and Packages files for the archive have SHA1
>> and SHA256. The md5 from the announcement is almost not important,
>> IMO -- no one should download files individua
On Saturday 25 October 2008 09:28:02 W. Martin Borgert wrote:
> On 2008-10-25 07:09, Felipe Figueiredo wrote:
> > Can anyone please explain why that long list of links and filenames is
> > interesting, or point to a link that does?
>
> I assume, it's tradition from the times, when only few people
>
On Fri, Oct 24, 2008 at 03:12:20PM -0500, Raphael Geissert wrote:
> Bas Steendijk wrote:
> >
> > 2 files with a colliding hash can only be made by someone who can
> > influence the creation of the file (thus, someone inside debian). he can
> > make a "good" and a "bad" version of a package with th
On 2008-10-25 07:09, Felipe Figueiredo wrote:
> Can anyone please explain why that long list of links and filenames is
> interesting, or point to a link that does?
I assume, it's tradition from the times, when only few people
used apt-get and friends (and many years apt-get did not have
signature
On Saturday 25 October 2008 00:20:46 Alexander Konovalenko wrote:
> On Sat, Oct 25, 2008 at 02:33, Kees Cook <[EMAIL PROTECTED]> wrote:
> > [...]
> >
> > Additionally, it doesn't matter -- it's just the md5 in the email
> > announcement. The Release and Packages files for the archive have SHA1
> >
7 matches
Mail list logo