Mailinglist Archive: opensuse-security (50 mails)

< Previous Next >
[opensuse-security] Re: Package management security on SUSE Linux
  • From: Gar Ulbricht <garulbricht7@xxxxxxxxxxxx>
  • Date: Wed, 16 Jul 2008 00:37:36 -0400
  • Message-id: <487D7B10.4010908@xxxxxxxxxxxx>
Ludwig Nussel wrote on [security-announce] "Package management security on SUSE Linux" on Tue, 15 Jul 2008 17:10:52 +0200 (Reference:)
<http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00005.html>

>
> Dear openSUSE and SUSE Linux Enterprise users,
>
> Several news sites recently published articles
> citing a report about attacks on package managers.
> Some unfortunately chose a wording
> that could be misunderstood as if a rogue mirror server
> could trick YaST into installing malicious software
> when applying regular (security-) updates.
>
> This is not the case.... (snip)
>
----- <Ludwig Nussel's comments heavily trimmed >----

Dear Ludwig,

Thank you for taking the time to post your comments
on the (Novell) [security-announce] list
regarding "Package management security...".

I had seen the original University of Arizona CS article
(as you referenced in your footnote) and as cited
in either in slash-dot or digg (or may be both)
and it was good to get your take
on the "Stork project" research.

Thanks again.

--
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages