[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#19479: Package manager vulnerable
From: |
Richard Stallman |
Subject: |
bug#19479: Package manager vulnerable |
Date: |
Tue, 06 Jan 2015 23:27:03 -0500 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> If you expect him to know the latest version number of a package
> (without relying on the gnu.org webserver to find out, in case
> it's compromised),
It is normal for users to find the latest version based on gnu.org.
So we don't expect that.
> and you expect him to manually verify that his download is the
> latest version (in addition to verifying the signature, of
> course),
The file name has the version in it.
So it seems we have a problem to fix. Would you like to help
us fix it?
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call.
- bug#19479: Copyright issue, (continued)
- bug#19479: Copyright issue, Richard Stallman, 2015/01/12
- bug#19479: Copyright issue, Richard Stallman, 2015/01/10
- bug#19479: Copyright issue, Kelly Dean, 2015/01/09
- bug#19479: Copyright issue, Glenn Morris, 2015/01/09
- bug#19479: Copyright issue, Glenn Morris, 2015/01/09
bug#19479: (on-topic) Re: bug#19479: Package manager vulnerable, Kelly Dean, 2015/01/10
bug#19479: Disclaimer is now on file at FSF, Kelly Dean, 2015/01/20
bug#19479: Package manager vulnerable, Kelly Dean, 2015/01/06
- bug#19479: Package manager vulnerable,
Richard Stallman <=