Three points:
1) Your attack scenario the attack only works for users who choose to
install a package without a signature (to opt out of using the
installer's verify signature option) and therefore is equivalent to the
current level of (in)security. So worst case for a user who doesn't use
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Just a heads up. I wrote about the effort on the fink-user list. I am
currently preparing a very long mail outlining a strategy to get Apple
more involved with us. This also includes things I have carefully
talked about to our analysts.
Last week, I tried to write a quick utility that would preen the cruft
from my /sw/src directory. You know, those distros that are no longer
needed. I thought no problem... a simple Perl script accessing the
Fink::* classes will suffice.
I was wrong. After about a dozen false starts, I still
On Saturday, November 30, 2002, at 06:36 PM, Randal L. Schwartz wrote:
1) is anyone already planning this?
Not that I'm aware of...
2) does anyone else share my pain?
Oh dear god yes!
3) if I take this on, who of you might want to help me?
I'd be interested in helpping. I don't know
On Saturday, November 30, 2002, at 03:36 PM, Randal L. Schwartz wrote:
Last week, I tried to write a quick utility that would preen the cruft
from my /sw/src directory. You know, those distros that are no longer
needed. I thought no problem... a simple Perl script accessing the
Fink::*
At 22:38 Uhr +0100 28.11.2002, Pejvan BEIGUI wrote:
Hi Max,
I'm installing Evolution via Fink, and I was wondering why it was
depending on Mozilla.
For SSL support.
Max
--
---
Max Horn
Software Developer
email: mailto:[EMAIL PROTECTED]
phone: