[svlug] OpenSSH source may be trojaned, unless...
J. Paul Reed
preed at sigkill.com
Thu Aug 1 15:33:47 PDT 2002
On Thu, 1 Aug 2002, Bruce O. Benson wrote:
> > Let's say Sue runs Debian, but she just downloaded, built, and
> > installed the trojaned openssh. Is she ok?
>
> "apt-get install source ssh" retrieves safe non-trojaned OpenSSH source. So
> yes, Sue's OK.
Since when does "just downloaded" imply using apt-get?
Or are you saying that Debian restricts its users from getting the source
using ftp/wget/etc. and running "configure; make; make install" themselves?
An interesting datapoint in and of itself considering you were ranting
about people making assumptions based upon your statements.
Later,
Paul
-----------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
Wait, stop! We can outsmart those dolphins. Don't forget: we invented
computers, leg warmers, bendy straws, peel-and-eat shrimp, the glory
hole, *and* the pudding cup! -- Homer Simpson, Tree House of Horror XI
More information about the svlug
mailing list