On Sunday 01 February 2004 21.03, Richard Bos wrote:
Are they from the same source? The apt repository is nothing more than glueing several spread out directories into one location. As you probably already have seen the glueing is done using links. The chkrootkit rpm comes from me, and as you already pointed out the ps-20031117 rpm comes from kraxel. This to me seems different sources. I run chkrootkit on my box and no infections found.
OK, I didn't check where chkrootkit came from, sorry. The suspicious ps package is identical on suse.com and on gwdg.de, so it seems that if something has been compromised it's on suse.com. My first reaction was to call for the packages to be signed, even if they were in /pub/people, so we can be sure the mirrors aren't compromised (still a good idea), but if the original source is bad even that won't help