[lug] Weird su/sudo/login/ssh/mail problem
Evelyn Mitchell
efm at tummy.com
Fri Apr 5 11:31:20 MST 2002
* On 2002-04-05 18:26 Bear Giles <bgiles at coyotesong.com> wrote:
>
> But if my memory is correct, the problems did start around the time
> I sync'd against the Debian security server. One nightmare scenario
> has long been embedding a root kit into a package on a security package
> server.
We were discussing this at the last NCLUG meeting on Tuesday. Debian
doesn't have a way of revoking a trusted key from one of their developers.
Nor does their system offer any way of verifying signed packages.
There isn't anything in place to prevent that nightmare scenario.
More information about the LUG
mailing list