Ludwig Nussel wrote on [security-announce] "Package management security
on SUSE Linux" on Tue, 15 Jul 2008 17:10:52 +0200 (Reference:)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00005.html
Dear openSUSE and SUSE Linux Enterprise users,
Several news sites recently published articles
citing a report about attacks on package managers.
Some unfortunately chose a wording
that could be misunderstood as if a rogue mirror server
could trick YaST into installing malicious software
when applying regular (security-) updates.
This is not the case.... (snip)
----- ----
Dear Ludwig,
Thank you for taking the time to post your comments
on the (Novell) [security-announce] list
regarding "Package management security...".
I had seen the original University of Arizona CS article
(as you referenced in your footnote) and as cited
in either in slash-dot or digg (or may be both)
and it was good to get your take
on the "Stork project" research.
Thanks again.
--
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org