View previous topic :: View next topic |
Author |
Message |
xray n00b
Joined: 14 Aug 2003 Posts: 2 Location: Switzerland
|
Posted: Thu Aug 14, 2003 7:50 am Post subject: CERT Advisory CA-2003-21 GNU Project FTP Server Compromise |
|
|
The GNU FTP server got compromised. http://www.cert.org/advisories/CA-2003-21.html
I think we must assume (in the worst case) that some ebuilds have digests with incorrect md5 hashes. if we assume that the ftp server carries only correct files now, a hash mismatch will occour and we will detect the corrupted ebuilds. however, this will only work if you dont have the corrupted files cached in /usr/portage/distfiles.
Do we have to clean /usr/portage/distfiles from all files comming from the GNU FTP site?
rm /usr/portage/distfiles/* |
|
Back to top |
|
|
bsolar Bodhisattva
Joined: 12 Jan 2003 Posts: 2764
|
Posted: Thu Aug 14, 2003 8:15 am Post subject: |
|
|
There's this thread about this topic. _________________ I may not agree with what you say, but I'll defend to the death your right to say it. |
|
Back to top |
|
|
|