On Jul 20, neodaxus@gmx.net <neodaxus@gmx.net> wrote:
theoretically it is possible that modified packages for Linux distributions are made available in order to create backdoors (e.g. through a hacked server or mirror, wrong IP routing / DNS resolving, or simply someone making available manipulated packages at a site under his control).
I wonder how SuSE and other distros protect themselves against this threat. [...] Who knows about SuSE (YOU + Yast)?
All SuSE packages are cryptographically signed with the SuSE build key (build@suse.de). It is automatically installed from the CDs. In addition to that, fou4s (http://fou4s.gaugusch.at/) allows you to install packages that are signed with fully trusted keys, apart from the SuSE key. Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \