[indiana-discuss] opensolaris package repository vulnerability?

Rob Thu, 10 Jul 2008 17:11:32 -0700

There's a story today about several linux distros and how they're vulnerable to 
a number of attacks based on their distributed package management 
infrastructure:


http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html

This lead me to think, i don't believe opensolaris/indiana does any sort of 
package signing does it? Nor does it utilize SSL for communication for 
client<->server communications?

Do you guys think this could be a serious issue in the future?
--

This message posted from opensolaris.org

_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss

[indiana-discuss] opensolaris package repository vulnerability?

Reply via email to