[Slackbuilds-users] Corcern about sources' procedence
Hac Er
spamered at hotmail.com
Thu Jun 9 11:59:49 UTC 2011
On Thu, 9 Jun 2011 12:20:32 +0100
David Woodfall <dave at dawoodfall.net> wrote:
>
> I understand the OP's point, but then someone could hack the server of
> whoever provides the source and we have the same problem. I doubt
> there is any realistic way of checking source, apart being vigilant
> and watchful when using software.
>
> Nice hat by the way Niels ;)
>
> D.
I know.
However, many do provide means to test if what you are downloading is
what you want to download. They could crack www.snort.org and hang
there a evil copy of Snort, with a fake signature and a fake GPG key,
but if they did, anyone who had downloaded the GPG key a week before
would know there is something wrong when checked "snort latest version"
and found the signatures mismatch.
The only way you can ensure no one is gonna break into your computer is
trashing away your machines and rejecting every shape of I.T. from your
live. For those who don't want to apply so extreme measures, there is
prudence.
More information about the SlackBuilds-users
mailing list