Kern Sibbald schrieb: > That and the fact that their upload process is *extremely* insecure -- it is > trivial to modify anyone's code, and it would be super trivial to substitute > a root kit or any other attack without the knowledge of the person releasing > the files. I informed Source Forge of these problems a year or two ago, but > they have chosen to ignore them even though they have made major > modifications to their system.
Another good reason to verify RPM signatures (hint!). However, I am quite confident that my RPMs which are accessible through the download system are unmodified as I always download them again from another trusted system where I verify them (rpm --checksig). fs ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
