[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: download versie 2.12
From: |
Graham Percival |
Subject: |
Re: download versie 2.12 |
Date: |
Tue, 31 Mar 2009 22:16:49 +0800 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Tue, Mar 31, 2009 at 11:14:43AM -0300, Han-Wen Nienhuys wrote:
> On Tue, Mar 31, 2009 at 10:33 AM, Graham Percival
> <address@hidden> wrote:
> > I wouldn't say that. It would provide notification of a botched
> > download (if anybody checks it), or notification of a very
> > sophisicated man-in-the-middle attack whereby somebody attempts to
> > hack a system by modifying lilypond tarballs. In order to gain a
> > local-user account.
>
> For the modifying tarballs version, the attacker could also change de
> MD5s as the webpages and the binaries are hosted on the same server.
Hmm, good point. Now, I guess that we could start GPG-signing the
md5s... but this is getting past the "idle speculation" phase and
into "unrestrainedly ridiculous" phase. :)
Cheers,
- Graham
- download versie 2.12, dirk van der eerden, 2009/03/29
- Re: download versie 2.12, Jan Nieuwenhuizen, 2009/03/30
- Re: download versie 2.12, Patrick McCarty, 2009/03/30
- Re: download versie 2.12, Han-Wen Nienhuys, 2009/03/30
- Re: download versie 2.12, Graham Percival, 2009/03/31
- Re: download versie 2.12, Han-Wen Nienhuys, 2009/03/31
- Re: download versie 2.12,
Graham Percival <=
- Re: download versie 2.12, Simon Dahlbacka, 2009/03/31
- Re: download versie 2.12, Jan Nieuwenhuizen, 2009/03/31
- Re: download versie 2.12, Trevor Daniels, 2009/03/31
- Re: download versie 2.12, Francisco Vila, 2009/03/31
- Re: download versie 2.12, Trevor Daniels, 2009/03/31