On Sat, Nov 22, 2003 at 02:14:13AM +1100, Pete de Zwart wrote: > I wonder if any of the packages on security.debian.org have been compromised > and if so what affect that could have on current stable boxes.
Short answer, no, none of the packages have been compromised. Longer answer, All packages have MD5 sums, and those sums are signed by a GPG key stored offline. Those signatures and sums have been verified before the archive goes back online, and you can be sure that if any packages had been compromised the information would have gone public immediately. > I tried to see if there was any more news about it at Debian's web site but > it isn't listed in the news section yet. Oddly enough, the compromise isn't listed on the News section at all. That's OK, slashdot has 553 comments, and I'm sure they're all constructive and factual, so there's no shortage of news about the event. <g> - Matt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
