Re: [gNewSense-users] gNewSense Servers Safe

[Karl Goetz]

On Thu, 01 Jan 2009 16:31:26 -0500
Matthew Flaschen <address@hidden> wrote:

> Ted Smith wrote:
> > On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
> >>>> I noted in recent times, servers for distro like Fedora and
> >>>> Debian were compromised by hackers. Are there some measures
> >>>> taken for gNewSense after those incidents?
> >> I actually meant to ask how the servers hosting gNewSense are
> >> protected to insure against rootkits being inserted into the
> >> distribution stream.
> > 
> > Well, all packages are PGP-signed, the preferred distribution
> > method of the LiveCDs is BitTorrent (which is un-rootkitable), and
> > the liveCD's available for direct download are MD5sum'd (and the
> > MD5sums are PGP-signed).
> 
> I agree.  The only things that really matter are:
> 
> 1. Using a secure hash (e.g. SHA-256).

Moving from MD5SUM to SHA???SUM would be < 10 line patch to Builder,
IIRC.
kk

> 
> Matt Flaschen
> 



-- 
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian user / gNewSense contributor
http://www.kgoetz.id.au
No, I won't join your social networking group