gnewsense-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] gNewSense Servers Safe


From: Ted Smith
Subject: Re: [gNewSense-users] gNewSense Servers Safe
Date: Thu, 01 Jan 2009 13:13:03 -0500

On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
> >> I noted in recent times, servers for distro like Fedora and Debian
> >> were compromised by hackers. Are there some measures taken for
> >> gNewSense after those incidents?
> 
> I actually meant to ask how the servers hosting gNewSense are
> protected to insure against rootkits being inserted into the
> distribution stream.

Well, all packages are PGP-signed, the preferred distribution method of
the LiveCDs is BitTorrent (which is un-rootkitable), and the liveCD's
available for direct download are MD5sum'd (and the MD5sums are
PGP-signed).

The weakest point here is probably the MD5sums, as MD5 has been very
broken for a very long while and it would make a lot more sense to use a
less broken hash to verify authenticity.

Attachment: signature.asc
Description: This is a digitally signed message part


reply via email to

[Prev in Thread] Current Thread [Next in Thread]