On Thu, 10 Aug 2000, Roman Drahtmueller wrote:
The integrity problem that you mention is definitely not off-topic. :-)
autorpm may be a bad idea unless the rpm packages are signed. This is planned for the near future in the SuSE distribution.
Well, maybe we are a bit paranoid since we had an incident this year. A hacker hijacked one of our user accounts and left traces of actions undertaken to gain root access. We discussed the aspect above several times...

So here is my question to the real experts: What are the recommended steps to do security updates from FTP when there is no PGP signature in the files? You know there was this incident with tripwire on the Dutch server that was hacked and trojaned as far as I remember.

Is there a reason to worry about somebody being able to hack and trojan the security updates supplied via ftp AND to hack and change the md5 sums provided by SuSE at the same time? Or is this coincidence too far from being probable?

Cheers,
Thomas

--
|--------------------------------------------------------------------------|
| Thomas Forbriger email: Thomas.Forbriger@geophys.uni-stuttgart.de        |
| Universitaet Stuttgart - Institut fuer Geophysik                         |
| Richard-Wagner-Str. 44 D-70184 Stuttgart Germany                         |
| Tel ++49 (711) 121-3593 or 3422 or 3424 or 3590 | Fax ++49 (711) 2361218 |
| http://www.geophys.uni-stuttgart.de/thof                                 |
| "... there's nothing more bizarre than reality..." (M. Kindermann)       |