Hosting Provided By

Re: Recent updates

From: Felipe Figueiredo <philsf79(at)gmail.com>
Date: Mon Feb 18 2008 - 04:01:25 EST

On Sun 17 Feb 2008 17:48:16 Alexander Schmehl wrote:

> Well, a rogue hacker would need to be quite skilled to add some kind of
> "bad" package.
>
> Let's assume he has created a bad package and got control over a mirror

How about a simpler attack vector: compromise a devel account, and sneak in a patch to be automatically incorporated to a package. Is this feasible?

I understand that this case would not reflect what the OP asked about, but still.

regards
FF

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Mon Feb 18 04:19:31 2008

This message: [ Message body ]
Next message: Rolf Kutz: "Re: Recent updates"
Previous message: Alexander Schmehl: "Re: Recent updates"
In reply to: Alexander Schmehl: "Re: Recent updates"
Next in thread: Rolf Kutz: "Re: Recent updates"
Reply: Rolf Kutz: "Re: Recent updates"
Reply: Alexander Schmehl: "Re: Recent updates"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:59 EDT