Hi All,
Did anyone see this paper:
A Look In the Mirror: Attacks on Package Managers
http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf
It suggests that anyone who has control of a mirror can cause client
machines to install software created by the attacker or install an
outdated version of a package with a vulnerability the attacker knows
how to exploit.
Is anyone in Debian working on a response to this issue?
Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/