Mailinglist Archive: opensuse-factory (175 mails)
| < Previous | Next > |
Re: [opensuse-factory] how secure is the opensuse packagemanager
- From: Michal Marek <mmarek@xxxxxxx>
- Date: Tue, 15 Jul 2008 14:48:09 +0200
- Message-id: <487C9C89.7010703@xxxxxxx>
ab wrote:
If you use http://download.opensuse.org/update/11.0/ as your update
repository, then the metadata will be served directly, efectively
avoiding the attack AFAICS. The mirrors will only be redirected to for
rpm files.
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
there seems to be some activity regarding package manager security issues:
<http://www.cs.arizona.edu/people/justin/packagemanagersecurity/>
how secure is the opensuse way in the recent opensuse releases?
If you use http://download.opensuse.org/update/11.0/ as your update
repository, then the metadata will be served directly, efectively
avoiding the attack AFAICS. The mirrors will only be redirected to for
rpm files.
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |