On Sat, Nov 22, 2003 at 09:39:55AM +1100, Matthew Palmer wrote:
> On Sat, Nov 22, 2003 at 02:14:13AM +1100, Pete de Zwart wrote:
> > I wonder if any of the packages on security.debian.org have been compromised
> > and if so what affect that could have on current stable boxes.
>
> Short answer, no, none of the packages have been compromised. Longer
> answer, All packages have MD5 sums, and those sums are signed by a GPG key
> stored offline. Those signatures and sums have been verified before the
> archive goes back online, and you can be sure that if any packages had been
> compromised the information would have gone public immediately.
Of course, somebody will have to ask and it may as
well be me :-) if this hack has not JUST occurred
but actually happened sometime ago, and the gcc
that produced those md5 sums may be compromised :-)
http://www.acm.org/classics/sep95/
Interestingly, google categorises this paper under
humour.
Matt
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
