[svlug] Spinning down a SCSI disk

Don Marti dmarti at zgp.org
Thu Jul 17 15:35:31 PDT 2008


begin Rick Moen quotation of Thu, Jul 17, 2008 at 12:51:47PM -0700:

> On any well-run distro, your package manager vets downloaded code
> against signatures the package maintainer believes can be trusted, to
> verify that none of the contents have been tampered with, including
> downstream from the original developer.

Good point.  If you manually build a package from
upstream, it works even if the upstream server was
compromised and you were one of the people who got
a corrupted version before the compromise got fixed.

If you try to install from a compromised distribution
mirror using a properly set up package manager,
it will actually fail if the package is corrupt.

The worst that an attacker can do is put you back to
an old version of something -- LWN thread here:
  http://lwn.net/Articles/289883/

And besides -- why make work for yourself that you
don't have to do?  See Mark Pilgrim on "I don't
compile anything."
  http://diveintomark.org/archives/2007/06/02/one-year-with-linux

-- 
Don Marti                                               +1 415-734-7913 mobile
http://zgp.org/~dmarti/
dmarti at zgp.org         Linux device driver unconference: http://freedomhec.org/ 
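
Added example, not part of the original message: a minimal client-side check showing why a corrupt package from a mirror is refused, while a replayed old index with its valid old signature is still accepted unless the client remembers what it has already seen. The HMAC key (a stand-in for the distribution's public-key signature), the `serial` field and all package data are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key. HMAC stands in for the distribution's public-key signature
# so the example needs only the standard library.
ARCHIVE_KEY = b"constructed-demo-key"

def sign_index(index):
    payload = json.dumps(index, sort_keys=True).encode()
    return hmac.new(ARCHIVE_KEY, payload, hashlib.sha256).hexdigest()

def make_index(serial, name, version, data):
    # "serial" is a hypothetical monotonically increasing index counter.
    digest = hashlib.sha256(data).hexdigest()
    return {"serial": serial, "packages": {name: {"version": version, "sha256": digest}}}

def check_download(index, signature, data, name, last_seen_serial):
    """Return "ok", or the reason the install must be refused."""
    if not hmac.compare_digest(sign_index(index), signature):
        return "bad-index-signature"
    if index["serial"] < last_seen_serial:
        return "stale-index"  # validly signed, but older than one already seen
    entry = index["packages"].get(name)
    if entry is None:
        return "unknown-package"
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), entry["sha256"]):
        return "hash-mismatch"
    return "ok"

def demo():
    old_pkg, new_pkg = b"hello 1.0 (constructed)", b"hello 2.0 (constructed)"
    evil_pkg = b"hello 2.0 (constructed, tampered)"
    old_idx = make_index(1, "hello", "1.0", old_pkg)
    new_idx = make_index(2, "hello", "2.0", new_pkg)
    old_sig, new_sig = sign_index(old_idx), sign_index(new_idx)
    forged_idx = make_index(2, "hello", "2.0", evil_pkg)  # mirror edits the hash
    return {
        "honest mirror": check_download(new_idx, new_sig, new_pkg, "hello", 1),
        "corrupt package": check_download(new_idx, new_sig, evil_pkg, "hello", 1),
        "edited index": check_download(forged_idx, new_sig, evil_pkg, "hello", 1),
        "replay, serial remembered": check_download(old_idx, old_sig, old_pkg, "hello", 2),
        "replay, nothing remembered": check_download(old_idx, old_sig, old_pkg, "hello", 0),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The last case is the rollback described above: signature and hash both verify, so only a freshness check on the client side can refuse it.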



